Vulnerabilities ›

CVE-2026-8234

High

CWE-119 — Weakness Type

                    Published: May 10, 2026                      ·  Modified: May 17, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

A critical stack-based buffer overflow vulnerability exists in EFM ipTIME A8004T router firmware (version 14.18.2) affecting the WiFi configuration function. The vulnerability can be exploited remotely through the security_5g parameter without authentication, potentially allowing arbitrary code execution. With no patch available and public exploit disclosure, this poses immediate risk to organizations using this router model in their network infrastructure.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 13, 2026 00:16

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi organizations across multiple sectors: (1) Banking/SAMA-regulated institutions using ipTIME routers for branch connectivity or secure network segments; (2) Government agencies and NCA-regulated entities relying on these devices for network perimeter security; (3) Healthcare facilities using ipTIME routers for medical device networks; (4) Telecom operators (STC, Mobily, Zain) and ISPs using these devices in customer premises or network infrastructure; (5) Energy sector organizations including ARAMCO subsidiaries using these routers in operational technology networks. The lack of vendor response and public exploit availability significantly elevates risk for all sectors.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare and Medical Services Energy and Utilities Telecommunications Education Retail and E-commerce

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application (remote exploitation of router web interface) T1068 - Exploitation for Privilege Escalation (buffer overflow leading to code execution) T1543 - Create or Modify System Process (potential persistence through firmware modification) T1021 - Remote Services (lateral movement after router compromise) T1040 - Traffic Sniffing (potential network traffic interception from compromised router)

⚖️ Saudi Risk Score (AI)

8.9

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all EFM ipTIME A8004T devices in your network using network scanning tools (nmap, Shodan queries for Saudi IP ranges)

2. Isolate affected routers from critical network segments if possible

3. Disable remote management access to the router's web interface

4. Change default credentials immediately if not already done

5. Monitor router logs for suspicious access attempts to /goform/WifiBasicSet endpoint

COMPENSATING CONTROLS:

1. Implement network segmentation - place routers behind firewall with strict ACLs

2. Disable WAN access to router management interface (block port 80/443 from external networks)

3. Deploy IDS/IPS rules to detect buffer overflow attempts targeting /goform/WifiBasicSet with oversized security_5g parameters

4. Implement rate limiting on router management endpoints

5. Use WAF rules to block requests with suspicious payload sizes in security_5g parameter

DETECTION RULES:

1. Monitor HTTP POST requests to /goform/WifiBasicSet with security_5g parameter exceeding 256 bytes

2. Alert on any unauthenticated access attempts to router management interface

3. Track firmware version of all ipTIME devices - flag version 14.18.2

4. Monitor for unusual process execution or privilege escalation on router

LONG-TERM:

1. Plan replacement of EFM ipTIME A8004T with alternative vendors (Cisco, Juniper, Fortinet)

2. Evaluate vendor security response capabilities before future procurement

3. Implement router management through out-of-band channels only

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة EFM ipTIME A8004T في شبكتك باستخدام أدوات المسح (nmap، استعلامات Shodan للنطاقات السعودية)

2. عزل أجهزة التوجيه المتأثرة عن القطاعات الحرجة إن أمكن

3. تعطيل الوصول الإداري البعيد إلى واجهة الويب للجهاز

4. تغيير بيانات الاعتماد الافتراضية فوراً إذا لم يتم ذلك بالفعل

5. مراقبة سجلات الجهاز للوصول المريب إلى نقطة النهاية /goform/WifiBasicSet

الضوابط التعويضية:

1. تنفيذ تقسيم الشبكة - ضع أجهزة التوجيه خلف جدار الحماية مع قوائم التحكم في الوصول الصارمة

2. تعطيل الوصول من WAN إلى واجهة إدارة الجهاز (حظر المنفذ 80/443 من الشبكات الخارجية)

3. نشر قواعد IDS/IPS للكشف عن محاولات تجاوز المخزن المؤقت التي تستهدف /goform/WifiBasicSet بمعاملات security_5g كبيرة الحجم

4. تنفيذ تحديد معدل على نقاط نهاية إدارة الجهاز

5. استخدام قواعد WAF لحظر الطلبات ذات أحجام الحمولة المريبة في معامل security_5g

قواعد الكشف:

1. مراقبة طلبات HTTP POST إلى /goform/WifiBasicSet مع معامل security_5g يتجاوز 256 بايت

2. التنبيه على أي محاولات وصول غير مصرح بها إلى واجهة إدارة الجهاز

3. تتبع إصدار البرنامج الثابت لجميع أجهزة ipTIME - وضع علامة على الإصدار 14.18.2

4. مراقبة تنفيذ العمليات غير العادية أو تصعيد الامتيازات على الجهاز

المدى الطويل:

1. التخطيط لاستبدال EFM ipTIME A8004T بموردين بدائل (Cisco, Juniper, Fortinet)

2. تقييم قدرات استجابة أمان البائع قبل المشتريات المستقبلية

3. تنفيذ إدارة الجهاز من خلال قنوات خارج النطاق فقط

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.8.1 - Asset Management (inventory and control of network devices) ECC 2024 A.8.2 - Configuration Management (secure configuration of routers) ECC 2024 A.13.1 - Network Security (network segmentation and access control) ECC 2024 A.14.2 - System Development and Maintenance (vendor security assessment)

🔵 SAMA CSF

SAMA CSF ID.AM-1 - Asset Management (identify and manage network infrastructure) SAMA CSF PR.AC-1 - Access Control (limit access to network management) SAMA CSF PR.DS-1 - Data Security (protect data in transit through secure network) SAMA CSF DE.CM-1 - Detection and Analysis (monitor for unauthorized access)

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Supplier Relationships (vendor security assessment) ISO 27001:2022 A.8.1 - Asset Management (inventory control) ISO 27001:2022 A.8.2 - Configuration Management (secure configuration) ISO 27001:2022 A.8.6 - Management of Technical Vulnerabilities (vulnerability management)

🟣 PCI DSS v4.0.1

PCI DSS 1.1 - Firewall Configuration Standards (network segmentation) PCI DSS 2.1 - Default Passwords (change default credentials) PCI DSS 6.2 - Security Patches (vulnerability management)

🔗 References & Sources 4

🔗

https://github.com/Kiciot/cve/issues/5

cna@vuldb.com

🔗

https://vuldb.com/submit/808865

cna@vuldb.com

🔗

https://vuldb.com/vuln/362454

cna@vuldb.com

🔗

https://vuldb.com/vuln/362454/cti

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-10

Source Feed nvd

🇸🇦 Saudi Risk Score

8.9

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-8234

Introduce Yourself

Sign In Required