CVE-2025-55423 - Vulnerability Details

ipTIME routers A2003NS-MU 10.00.6 to 12.16.2 , N600 10.00.8 to 12.16.2, A604-V3 10.01.6 to 10.07.2, A6ns-M 10.01.6 to 14.19.4 , V508 10.02.2 to 10.06.4, N704QCA 10.02.4 to 12.16.2, A8ns-M 10.03.2 to 14.19.4, A304 10.05.4 to 10.07.4, A3004NS-M,A5004NS-M,A9004M 10.05.4 to 14.19.4, N702R 10.05.8 to 10.06.8, A604M 10.06.4 to 10.07.2, A804NS-MU 10.06.4 to 12.10.2, N804R 10.06.4 to 12.16.2, A7004M,A8004T 10.06.8 to 14.19.4, A604G-MU 10.07.4 to 12.16.2, A3008-MU 10.08.4 to 14.19.4, A2004MU and A2004NS-MU 10.08.6 to 12.17.0, A604-V5,A604R, N702E 10.09.2 to 12.16.2, N2V 10.09.2 to 12.16.8, N604E 10.09.2 to 14.19.4, N104E 10.09.4 to 12.15.2, A8004ITL 11.00.4 to 14.19.4, N102E 11.00.8 to 12.15.2, N1V 11.01.2 to 12.07.6, N102i 11.01.2 to 12.15.2, T5004 11.96.4 to 14.19.4, N602E 11.96.6 to 12.16.8, AX8004BCM and A8004T-XR 11.97.2 to 14.19.4, A9004M-X2, T5008 11.98.2 to 14.19.4, N704E 11.98.4 to 12.16.2, A8004BCM 11.99.1 to 12.16.2, AX3004ITL 12.01.2 to 14.19.4 and A604G-skylife 12.02.4 to 12.12 were discovered to contain an OS command injection vulnerability via the function upnp_relay().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00132.

Key SSVC decision points have not yet been added.

Vendors	Products
Iptime Subscribe	A2003ns-mu Subscribe A2004mu Subscribe A2004ns-mu Subscribe A3004ns-m Subscribe A3008-mu Subscribe A304 Subscribe A5004ns-m Subscribe A604-v3 Subscribe A604-v5 Subscribe A604g-mu Subscribe A604g-skylife Subscribe A604m Subscribe A604r Subscribe A6ns-m Subscribe A7004m Subscribe A8004bcm Subscribe A8004itl Subscribe A8004t Subscribe A8004t-xr Subscribe A804ns-mu Subscribe A8ns-m Subscribe A9004m Subscribe A9004m-x2 Subscribe Ax3004itl Subscribe Ax8004bcm Subscribe N102e Subscribe N102i Subscribe N104e Subscribe N1v Subscribe N2v Subscribe N600 Subscribe N602e Subscribe N604e Subscribe N702e Subscribe N702r Subscribe N704e Subscribe N704qca Subscribe N804r Subscribe T5004 Subscribe T5008 Subscribe V508 Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Iptime Subscribe	A2003ns-mu Subscribe A2004mu Subscribe A2004ns-mu Subscribe A3004ns-m Subscribe A3008-mu Subscribe A304 Subscribe A5004ns-m Subscribe A604-v3 Subscribe A604-v5 Subscribe A604g-mu Subscribe A604g-skylife Subscribe A604m Subscribe A604r Subscribe A6ns-m Subscribe A7004m Subscribe A8004bcm Subscribe A8004itl Subscribe A8004t Subscribe A8004t-xr Subscribe A804ns-mu Subscribe A8ns-m Subscribe A9004m Subscribe A9004m-x2 Subscribe Ax3004itl Subscribe Ax8004bcm Subscribe N102e Subscribe N102i Subscribe N104e Subscribe N1v Subscribe N2v Subscribe N600 Subscribe N602e Subscribe N604e Subscribe N702e Subscribe N702r Subscribe N704e Subscribe N704qca Subscribe N804r Subscribe T5004 Subscribe T5008 Subscribe V508 Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.google.com/spreadsheets/d/1kryOFltCmnPJvDTpIrudgryt79uI4PWchuQ8-Gak24c/edit?usp=sharing
https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/README.md
https://iptime.com/iptime/?pageid=4&page_id=126&dfsid=3&dftid=583&uid=25203&mod=document

History

Wed, 21 Jan 2026 20:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Iptime Iptime a2003ns-mu Iptime a2004mu Iptime a2004ns-mu Iptime a3004ns-m Iptime a3008-mu Iptime a304 Iptime a5004ns-m Iptime a604-v3 Iptime a604-v5 Iptime a604g-mu Iptime a604g-skylife Iptime a604m Iptime a604r Iptime a6ns-m Iptime a7004m Iptime a8004bcm Iptime a8004itl Iptime a8004t Iptime a8004t-xr Iptime a804ns-mu Iptime a8ns-m Iptime a9004m Iptime a9004m-x2 Iptime ax3004itl Iptime ax8004bcm Iptime n102e Iptime n102i Iptime n104e Iptime n1v Iptime n2v Iptime n600 Iptime n602e Iptime n604e Iptime n702e Iptime n702r Iptime n704e Iptime n704qca Iptime n804r Iptime t5004 Iptime t5008 Iptime v508
Vendors & Products		Iptime Iptime a2003ns-mu Iptime a2004mu Iptime a2004ns-mu Iptime a3004ns-m Iptime a3008-mu Iptime a304 Iptime a5004ns-m Iptime a604-v3 Iptime a604-v5 Iptime a604g-mu Iptime a604g-skylife Iptime a604m Iptime a604r Iptime a6ns-m Iptime a7004m Iptime a8004bcm Iptime a8004itl Iptime a8004t Iptime a8004t-xr Iptime a804ns-mu Iptime a8ns-m Iptime a9004m Iptime a9004m-x2 Iptime ax3004itl Iptime ax8004bcm Iptime n102e Iptime n102i Iptime n104e Iptime n1v Iptime n2v Iptime n600 Iptime n602e Iptime n604e Iptime n702e Iptime n702r Iptime n704e Iptime n704qca Iptime n804r Iptime t5004 Iptime t5008 Iptime v508

Wed, 21 Jan 2026 03:00:00 +0900

Type	Values Removed	Values Added
Description		ipTIME routers A2003NS-MU 10.00.6 to 12.16.2 , N600 10.00.8 to 12.16.2, A604-V3 10.01.6 to 10.07.2, A6ns-M 10.01.6 to 14.19.4 , V508 10.02.2 to 10.06.4, N704QCA 10.02.4 to 12.16.2, A8ns-M 10.03.2 to 14.19.4, A304 10.05.4 to 10.07.4, A3004NS-M,A5004NS-M,A9004M 10.05.4 to 14.19.4, N702R 10.05.8 to 10.06.8, A604M 10.06.4 to 10.07.2, A804NS-MU 10.06.4 to 12.10.2, N804R 10.06.4 to 12.16.2, A7004M,A8004T 10.06.8 to 14.19.4, A604G-MU 10.07.4 to 12.16.2, A3008-MU 10.08.4 to 14.19.4, A2004MU and A2004NS-MU 10.08.6 to 12.17.0, A604-V5,A604R, N702E 10.09.2 to 12.16.2, N2V 10.09.2 to 12.16.8, N604E 10.09.2 to 14.19.4, N104E 10.09.4 to 12.15.2, A8004ITL 11.00.4 to 14.19.4, N102E 11.00.8 to 12.15.2, N1V 11.01.2 to 12.07.6, N102i 11.01.2 to 12.15.2, T5004 11.96.4 to 14.19.4, N602E 11.96.6 to 12.16.8, AX8004BCM and A8004T-XR 11.97.2 to 14.19.4, A9004M-X2, T5008 11.98.2 to 14.19.4, N704E 11.98.4 to 12.16.2, A8004BCM 11.99.1 to 12.16.2, AX3004ITL 12.01.2 to 14.19.4 and A604G-skylife 12.02.4 to 12.12 were discovered to contain an OS command injection vulnerability via the function upnp_relay().
References		https://docs.google.com/spreadsheets/d/1kryOFltCmnPJvDTpIrudgryt79uI4PWchuQ8-Gak24c/edit?usp=sharing https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/README.md https://iptime.com/iptime/?pageid=4&page_id=126&dfsid=3&dftid=583&uid=25203&mod=document

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-01-20T00:00:00.000Z

Updated: 2026-01-21T14:42:40.553Z

Reserved: 2025-08-13T00:00:00.000Z

Link: CVE-2025-55423

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-20T18:16:04.810

Modified: 2026-01-20T18:16:04.810

Link: CVE-2025-55423

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-01-21T20:20:01Z

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object