logis11

1 exploit Active since Jan 2026
CVE-2025-55423 GITHUB CRITICAL c WORKING POC
ipTIME Router Firmware - OS Command Injection via UPnP Relay controlURL Parameter
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.
CVSS 9.8