CVE-2026-24498
CWE-200Published: February 27, 2026· Updated: Feb 27, 2026
Official Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.
Technical Analysis
CVE-2026-24498 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
From a weakness classification perspective (CWE-200): Information exposure vulnerabilities leak sensitive data to unauthorized actors.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (2)
Quick Facts
Related CVEs (CWE-200)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-24498 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts