Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

EFM — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting EFM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

EFM is a web-based email filtering and security solution designed to protect organizations from spam, malware, and other email-based threats. Historically, EFM has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from improper input validation and insufficient access controls. Privilege escalation vulnerabilities have also been prevalent, allowing authenticated users to gain elevated system access. The product's seven recorded CVEs highlight ongoing security challenges, with several critical RCE issues discovered in recent years. These vulnerabilities typically stem from the complex web interface and integration points, making EFM a persistent target for attackers seeking initial access to enterprise networks.

Top products by EFM: ipTIME A8004T ipTIME A3004T iptime A6004MX ipTIME C200 ipTIME NAS1dual
CVE IDTitleCVSSSeverityPublished
CVE-2026-8234 EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based overflow — ipTIME A8004TCWE-121 8.8 High2026-05-10
CVE-2026-7834 EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow — ipTIME NAS1dualCWE-121 9.8 Critical2026-05-05
CVE-2026-7833 EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection — ipTIME C200CWE-77 7.2 High2026-05-05
CVE-2026-2550 EFM iptime A6004MX timepro.cgi commit_vpncli_file_upload unrestricted upload — iptime A6004MXCWE-434 9.8 Critical2026-02-16
CVE-2026-1742 EFM ipTIME A8004T VPN Service timepro.cgi commit_vpncli_file_upload unrestricted upload — ipTIME A8004TCWE-434 4.7 Medium2026-02-02
CVE-2026-1741 EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor — ipTIME A8004TCWE-912 6.6 Medium2026-02-02
CVE-2026-1740 EFM ipTIME A8004T Hidden Hiddenloginsetup timepro.cgi httpcon_check_session_url improper authentication — ipTIME A8004TCWE-287 7.3 High2026-02-02
CVE-2025-14485 EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection — ipTIME A3004TCWE-77 5.0 Medium2025-12-11

This page lists every published CVE security advisory associated with EFM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.