Vulnerability Description
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iptime | Nas-I Firmware | < 1.4.36 |
| Iptime | Nas-I | - |
| Iptime | Nas-Ii Firmware | < 1.4.36 |
| Iptime | Nas-Ii | - |
| Iptime | Nas-Iie Firmware | < 1.4.36 |
| Iptime | Nas-Iie | - |
| Iptime | Nas101 Firmware | < 1.4.36 |
| Iptime | Nas101 | - |
| Iptime | Nas1Dual Firmware | < 1.4.36 |
| Iptime | Nas1Dual | - |
| Iptime | Nas2Dual Firmware | < 1.4.36 |
| Iptime | Nas2Dual | - |
| Iptime | Nas3 Firmware | < 1.4.36 |
| Iptime | Nas3 | - |
| Iptime | Nas4 Firmware | < 1.4.36 |
| Iptime | Nas4 | - |
| Iptime | Nas4Dual Firmware | < 1.4.36 |
| Iptime | Nas4Dual | - |
Related Weaknesses (CWE)
References
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35921Third Party Advisory
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35921Third Party Advisory
FAQ
What is CVE-2020-7847?
CVE-2020-7847 is a vulnerability with a CVSS score of 7.4 (HIGH). The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
How severe is CVE-2020-7847?
CVE-2020-7847 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7847?
Check the references section above for vendor advisories and patch information. Affected products include: Iptime Nas-I Firmware, Iptime Nas-I, Iptime Nas-Ii Firmware, Iptime Nas-Ii, Iptime Nas-Iie Firmware.