IPTIME NAS1DUAL CSRF Vulnerability
CVE-2022-23771

8 HIGH

Key Information:

Vendor
CVE Published: 17 October 2022

What is CVE-2022-23771?

This vulnerability occurs in the user account creation and deletion pages of IPTIME NAS products. It could be exploited due to a lack of validation when a POST request is made to these pages. An attacker can use this vulnerability to create or delete user accounts, or to escalate arbitrary user privileges.

Affected Version(s)

NAS1dual, NAS2dual, NAS4dual (Linux, Windows, etc.) < 1.4.86

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
