8

CVE-2020-7847

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IptimeNas-i Firmware Version < 1.4.36
   IptimeNas-i Version-
IptimeNas-ii Firmware Version < 1.4.36
   IptimeNas-ii Version-
IptimeNas-iie Firmware Version < 1.4.36
   IptimeNas-iie Version-
IptimeNas101 Firmware Version < 1.4.36
   IptimeNas101 Version-
IptimeNas1dual Firmware Version < 1.4.36
   IptimeNas1dual Version-
IptimeNas2dual Firmware Version < 1.4.36
   IptimeNas2dual Version-
IptimeNas3 Firmware Version < 1.4.36
   IptimeNas3 Version-
IptimeNas4 Firmware Version < 1.4.36
   IptimeNas4 Version-
IptimeNas4dual Firmware Version < 1.4.36
   IptimeNas4dual Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.499
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.2 5.1 6.4
AV:A/AC:L/Au:S/C:P/I:P/A:P
vuln@krcert.or.kr 7.4 1.5 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.