CVE-2025-26339 Information

Description

A CWE-306 \Missing Authentication for Critical Function\ in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality integrity or availability in multiple unspecified ways via crafted HTTP requests.

Reference

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339

Related CNNVD

CNNVD-202507-3033 (Published: 2025-07-23)