8

CVE-2020-7847

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IptimeNas-i Firmware Version < 1.4.36
   IptimeNas-i Version-
IptimeNas-ii Firmware Version < 1.4.36
   IptimeNas-ii Version-
IptimeNas-iie Firmware Version < 1.4.36
   IptimeNas-iie Version-
IptimeNas101 Firmware Version < 1.4.36
   IptimeNas101 Version-
IptimeNas1dual Firmware Version < 1.4.36
   IptimeNas1dual Version-
IptimeNas2dual Firmware Version < 1.4.36
   IptimeNas2dual Version-
IptimeNas3 Firmware Version < 1.4.36
   IptimeNas3 Version-
IptimeNas4 Firmware Version < 1.4.36
   IptimeNas4 Version-
IptimeNas4dual Firmware Version < 1.4.36
   IptimeNas4dual Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.391
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.2 5.1 6.4
AV:A/AC:L/Au:S/C:P/I:P/A:P
vuln@krcert.or.kr 7.4 1.5 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35921
Third Party Advisory