Security Advisory

CVE-2025-55423

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-20 00:00:00

Last updated 2026-01-27 14:58:59

Assigner mitre

State PUBLISHED

Description

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.

← Browse all CVEs View on cve.org ↗