CVE-2026-24498

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://iptime.com/iptime/?page_id=126&dffid=1&dfsid=15&dftid=589&uid=26901&mod=document	Release Notes
https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000302&searchWrd=&menuNo=205023&pageIndex=1&categoryCode=&nttId=71987	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:iptime:t5008_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:t5008:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:iptime:ax2004m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:ax2004m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:iptime:ax3000q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:ax3000q:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:iptime:ax6000m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:ax6000m:-:*:*:*:*:*:*:*

History

17 Mar 2026, 15:46

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:h:iptime:ax2004m:-:::::::* cpe:2.3:h:iptime:ax3000q:-:::::::* cpe:2.3:o:iptime:ax6000m_firmware:::::::: cpe:2.3:h:iptime:t5008:-:::::::* cpe:2.3:h:iptime:ax6000m:-:::::::* cpe:2.3:o:iptime:t5008_firmware:::::::: cpe:2.3:o:iptime:ax2004m_firmware:::::::: cpe:2.3:o:iptime:ax3000q_firmware::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Iptime ax6000m Firmware Iptime ax6000m Iptime t5008 Iptime ax3000q Iptime ax2004m Iptime ax2004m Firmware Iptime ax3000q Firmware Iptime t5008 Firmware Iptime
References	~~() https://iptime.com/iptime/?page_id=126&dffid=1&dfsid=15&dftid=589&uid=26901&mod=document -~~	() https://iptime.com/iptime/?page_id=126&dffid=1&dfsid=15&dftid=589&uid=26901&mod=document - Release Notes
References	~~() https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000302&searchWrd=&menuNo=205023&pageIndex=1&categoryCode=&nttId=71987 -~~	() https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000302&searchWrd=&menuNo=205023&pageIndex=1&categoryCode=&nttId=71987 - Third Party Advisory

27 Feb 2026, 14:06

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de exposición de información sensible a un actor no autorizado en EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M permite la omisión de autenticación. Este problema afecta a ipTIME T5008: hasta 15.26.8; ipTIME AX2004M: hasta 15.26.8; ipTIME AX3000Q: hasta 15.26.8; ipTIME AX6000M: hasta 15.26.8.

27 Feb 2026, 02:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-27 02:16

Updated : 2026-03-17 15:46

NVD link : CVE-2026-24498

Mitre link : CVE-2026-24498

CVE.ORG link : CVE-2026-24498

JSON object : View

Products Affected

iptime

ax2004m_firmware
ax6000m_firmware
t5008_firmware
t5008
ax6000m
ax2004m
ax3000q_firmware
ax3000q

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

7.5 /10