Description

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.

INFO

Published Date :

2026-01-20T00:00:00.000Z

Last Modified :

2026-01-27T14:58:59.154Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55423 vulnerability.

Vendors Products
Iptime
  • A1
  • A1004
  • A1004 Firmware
  • A1004ns
  • A1004ns Firmware
  • A1004v
  • A1004v Firmware
  • A104
  • A104 Firmware
  • A104ns
  • A104ns Firmware
  • A104r
  • A104r Firmware
  • A1 Firmware
  • A2003mu
  • A2003mu Firmware
  • A2003ns-mu
  • A2003ns-mu Firmware
  • A2004
  • A2004 Firmware
  • A2004mu
  • A2004mu Firmware
  • A2004ns
  • A2004ns-mu
  • A2004ns-mu Firmware
  • A2004ns-r
  • A2004ns-r Firmware
  • A2004ns Firmware
  • A2004nsplus
  • A2004nsplus Firmware
  • A2004plus
  • A2004plus Firmware
  • A2004r
  • A2004r Firmware
  • A2004se
  • A2004se Firmware
  • A2008
  • A2008 Firmware
  • A3
  • A3002mesh
  • A3002mesh Firmware
  • A3003ns
  • A3003ns Firmware
  • A3004
  • A3004-dual
  • A3004-dual Firmware
  • A3004 Firmware
  • A3004m
  • A3004m Firmware
  • A3004ns
  • A3004ns-bcm
  • A3004ns-bcm Firmware
  • A3004ns-dual
  • A3004ns-dual Firmware
  • A3004ns-m
  • A3004ns-m Firmware
  • A3004ns Firmware
  • A3004t
  • A3004t Firmware
  • A3004tw
  • A3004tw Firmware
  • A3008-mu
  • A3008-mu Firmware
  • A304
  • A304 Firmware
  • A3 Firmware
  • A5004ns
  • A5004ns-m
  • A5004ns-m Firmware
  • A5004ns Firmware
  • A6004mx
  • A6004mx Firmware
  • A6004ns
  • A6004ns-m
  • A6004ns-m Firmware
  • A6004ns Firmware
  • A604
  • A604-v3
  • A604-v3 Firmware
  • A604-v5
  • A604-v5 Firmware
  • A604 Firmware
  • A604g-mu
  • A604g-mu Firmware
  • A604g-skylife
  • A604g-skylife Firmware
  • A604m
  • A604m Firmware
  • A604mu
  • A604mu Firmware
  • A604r
  • A604r Firmware
  • A604se
  • A604se Firmware
  • A604v
  • A604v Firmware
  • A6ns-m
  • A6ns-m Firmware
  • A7004m
  • A7004m Firmware
  • A704ns-bcm
  • A704ns-bcm Firmware
  • A7ns
  • A7ns Firmware
  • A8004bcm
  • A8004bcm Firmware
  • A8004itl
  • A8004itl Firmware
  • A8004ns-m
  • A8004ns-m Firmware
  • A8004t
  • A8004t-xr
  • A8004t-xr Firmware
  • A8004t Firmware
  • A804ns-mu
  • A804ns-mu Firmware
  • A8ns-m
  • A8ns-m Firmware
  • A9004m
  • A9004m-x2
  • A9004m-x2 Firmware
  • A9004m Firmware
  • Ax11000
  • Ax11000 Firmware
  • Ax2002mesh
  • Ax2002mesh Firmware
  • Ax2004
  • Ax2004 Firmware
  • Ax2004bcm
  • Ax2004bcm Firmware
  • Ax2004m
  • Ax2004m Firmware
  • Ax3004bcm
  • Ax3004bcm Firmware
  • Ax3004itl
  • Ax3004itl Firmware
  • Ax8004bcm
  • Ax8004bcm Firmware
  • Ax8004m
  • Ax8004m Firmware
  • Ax8008m
  • Ax8008m Firmware
  • Ew302n
  • Ew302n Firmware
  • N102e
  • N102e Firmware
  • N102eplus
  • N102eplus Firmware
  • N102i
  • N102i Firmware
  • N102iplus
  • N102iplus Firmware
  • N104 Black
  • N104 Black Firmware
  • N104e
  • N104e Firmware
  • N104eplus
  • N104eplus Firmware
  • N104k
  • N104k Firmware
  • N104plus
  • N104plus-i
  • N104plus-i Firmware
  • N104plus Firmware
  • N104q
  • N104q-i
  • N104q-i Firmware
  • N104q Firmware
  • N104r
  • N104r Firmware
  • N104s-r1
  • N104s-r1 Firmware
  • N104v
  • N104v Firmware
  • N1e
  • N1e Firmware
  • N1plus
  • N1plus-i
  • N1plus-i Firmware
  • N1plus Firmware
  • N1v
  • N1v Firmware
  • N2e
  • N2e Firmware
  • N2eplus
  • N2eplus Firmware
  • N2plus
  • N2plus-i
  • N2plus-i Firmware
  • N2plus Firmware
  • N2v
  • N2v Firmware
  • N2vs
  • N2vs Firmware
  • N3
  • N3-i
  • N3-i Firmware
  • N3 Firmware
  • N5
  • N5-i
  • N5-i Firmware
  • N5 Firmware
  • N6
  • N600
  • N6004r
  • N6004r Firmware
  • N600 Firmware
  • N602e
  • N602e Firmware
  • N602eplus
  • N602eplus Firmware
  • N602se
  • N602se Firmware
  • N604 Black
  • N604 Black Firmware
  • N604a
  • N604a Firmware
  • N604e
  • N604e Firmware
  • N604eplus
  • N604eplus Firmware
  • N604plus
  • N604plus-i
  • N604plus-i Firmware
  • N604plus Firmware
  • N604r
  • N604r Firmware
  • N604rplus
  • N604rplus-i
  • N604rplus-i Firmware
  • N604rplus Firmware
  • N604s
  • N604s Firmware
  • N604se
  • N604se Firmware
  • N604t
  • N604t Firmware
  • N604tplus
  • N604tplus Firmware
  • N604v
  • N604v Firmware
  • N604vplus
  • N604vplus Firmware
  • N6 Firmware
  • N7004ns
  • N7004ns Firmware
  • N702bcm
  • N702bcm Firmware
  • N702e
  • N702e Firmware
  • N702eplus
  • N702eplus Firmware
  • N702r
  • N702r Firmware
  • N704-a3
  • N704-a3 Firmware
  • N704bcm
  • N704bcm Firmware
  • N704e
  • N704e Firmware
  • N704eplus
  • N704eplus Firmware
  • N704ns
  • N704ns Firmware
  • N704qca
  • N704qca Firmware
  • N704v3
  • N704v3 Firmware
  • N8004r
  • N8004r Firmware
  • N8004v
  • N8004v Firmware
  • N804
  • N804 Firmware
  • N804a
  • N804a3
  • N804a3 Firmware
  • N804a Firmware
  • N804r
  • N804r Firmware
  • N804t
  • N804t3
  • N804t3 Firmware
  • N804t Firmware
  • N804v
  • N804v Firmware
  • N904
  • N904 Firmware
  • N904ns
  • N904ns Firmware
  • N904plus
  • N904plus Firmware
  • N904v
  • N904v Firmware
  • Q1
  • Q1 Firmware
  • Q304
  • Q304 Firmware
  • Q504
  • Q504 Firmware
  • Q604
  • Q604 Firmware
  • Smart
  • Smart Firmware
  • T16000
  • T16000 Firmware
  • T16000m
  • T16000m Firmware
  • T24000
  • T24000 Firmware
  • T24000m
  • T24000m Firmware
  • T3004
  • T3004 Firmware
  • T3008
  • T3008 Firmware
  • T5004
  • T5004 Firmware
  • T5008
  • T5008 Firmware
  • V304
  • V304 Firmware
  • V504
  • V504 Firmware
  • V508
  • V508 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55423.

URL Resource
https://docs.google.com/spreadsheets/d/1kryOFltCmnPJvDTpIrudgryt79uI4PWchuQ8-Gak24c/edit?usp=sharing cve-icon cve-icon
https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/README.md cve-icon cve-icon
https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/assets/affected_products_cve_format.json cve-icon cve-icon
https://iptime.com/iptime/?pageid=4&page_id=126&dfsid=3&dftid=583&uid=25203&mod=document cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact