Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IPTIME NAS family CSRF vulnerability
Vulnerability Description
This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
EFM Networks ipTIME NAS1dual、NAS2dual、NAS4dual 跨站请求伪造漏洞
Vulnerability Description
EFM Networks ipTIME NAS1dual等都是韩国EFM Networks公司的一款网络附加存储器。 EFM Networks ipTIME NAS1dual、NAS2dual、NAS4dual 1.4.86 之前版本存在安全漏洞,远程攻击者利用该漏洞可以通过 POST 请求更改 root 的密码来窃取 root 权限。
CVSS Information
N/A
Vulnerability Type
N/A