CVE-2026-1741 identifies a backdoor vulnerability in the EFM ipTIME A8004T router firmware version 14.18.2. The vulnerability resides in the Debug Interface component, specifically in the function httpcon_check_session_url located in the /sess-bin/d.cgi file. An attacker can manipulate the 'cmd' parameter passed to this function to trigger a backdoor, allowing unauthorized remote access to the device. The attack vector is network-based, requiring no user interaction but necessitating high privileges, which implies that the attacker must already have some elevated access or exploit chain to reach this state. The attack complexity is high, indicating that exploitation is non-trivial and may require specialized knowledge or conditions. The vulnerability was responsibly disclosed to the vendor, but no response or patch has been issued, leaving the device exposed. The CVSS v4.0 score is 7.5 (high), reflecting significant confidentiality, integrity, and availability impacts if exploited. The vulnerability does not require user interaction but does require high privileges, and the scope is limited to the affected firmware version. No known exploits in the wild have been reported yet, but public disclosure increases the risk of future exploitation.

If exploited, this backdoor vulnerability could allow attackers to gain unauthorized remote access to the affected routers, potentially leading to full compromise of the device. This could result in interception or manipulation of network traffic, unauthorized configuration changes, and pivoting within the internal network. The confidentiality, integrity, and availability of network communications could be severely impacted. Organizations relying on the ipTIME A8004T for critical network infrastructure could face data breaches, service disruptions, and loss of trust. The lack of vendor response and patch availability increases the window of exposure, raising the risk for targeted attacks, especially in environments where these routers are deployed at scale or in sensitive contexts.

Given the absence of an official patch, organizations should immediately assess their deployment of the ipTIME A8004T routers running firmware version 14.18.2. Mitigation steps include: 1) Isolate affected devices from untrusted networks, especially the internet, by restricting management interfaces to trusted IPs or internal networks only. 2) Disable or restrict access to the Debug Interface or any remote management features if possible. 3) Monitor network traffic for unusual activity targeting /sess-bin/d.cgi or suspicious commands related to the 'cmd' parameter. 4) Employ network segmentation to limit the impact of a compromised device. 5) Consider replacing affected devices with alternative hardware from vendors with active security support. 6) Implement strict access controls and multi-factor authentication for device management to reduce the risk of privilege escalation. 7) Stay alert for vendor updates or community patches and apply them promptly once available.