IPTIME NAS1DUAL CSRF Vulnerability
CVE-2022-23771

8HIGH

Key Information:

Vendor: Efm Networks Co., Ltd
Status: Nas1dual, Nas2dual, Nas4dual
Vendor: CVE Published:; 17 October 2022

🔔 Create Efm Networks Co., Ltd Vulnerability Alert

What is CVE-2022-23771?

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NAS1dual, NAS2dual, NAS4dual Linux, Windows and etc.. < 1.4.86

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Jan 19, 2022

JSON

Efm Networks Co., Ltd

What is CVE-2022-23771?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.