Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IPTIME NAS1DUAL CSRF Vulnerability
Vulnerability Description
This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
ipTIME NAS 跨站请求伪造漏洞
Vulnerability Description
ipTIME NAS是韩国ipTIME公司的一个无线路由器产品提供NAS网络附加存储 ipTIME NAS存在安全漏洞,该漏洞源于缺乏验证向页面发送的POST请求。攻击者利用该漏洞可以删除用户帐户,或升级任意用户权限。
CVSS Information
N/A
Vulnerability Type
N/A