## Critical Pre-Authentication RCE Vulnerability Disclosed in ipTIME Router CWMP Implementation
Security researchers at SSD-Disclosure have identified a pre-authentication remote code execution vulnerability in the CWMP (CPE WAN Management Protocol) implementation of ipTIME routers. The flaw enables unauthenticated attackers to execute arbitrary code remotely, posing a severe risk to affected devices connected to public or untrusted networks. The vulnerability requires no credentials or prior access, meaning any actor with network reachability to the router's management interface can exploit it.

CWMP, also known as TR-069, is a protocol widely used by internet service providers to manage and configure customer premises equipment remotely. Its implementation in ipTIME firmware contains a critical weakness that allows an attacker to inject and execute malicious commands before any authentication handshake occurs. This attack surface is particularly concerning for routers deployed in both residential and small-to-medium business environments where ipTIME holds significant market presence.

The disclosure underscores a recurring pattern in embedded device security: management protocols designed for trusted ISP environments are being exposed to hostile networks without adequate hardening. At present, no official firmware patch has been released by ipTIME. Security practitioners managing affected deployments should evaluate network-level mitigations, including restricting access to the CWMP management port, placing routers behind downstream firewalls, and monitoring for indicators of exploitation attempts. The full technical details and proof-of-concept are available through SSD-Disclosure's published advisory.
---
- **Source**: r/netsec
- **Sector**: The Lab
- **Tags**: CVE, CWMP, TR-069, pre-auth RCE, router vulnerability
- **Credibility**: unverified
- **Published**: 2026-05-15 08:48:22
- **ID**: 83372
- **URL**: https://whisperx.ai/en/intel/83372