Vulnerability Description
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information from the server by exploiting weaknesses such as insufficient authentication when accessing the shared folder and changing users’ passwords.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iptime | Nas101 Firmware | < 1.4.82 |
| Iptime | Nas101 | - |
| Iptime | Nas1Dual Firmware | < 1.4.82 |
| Iptime | Nas1Dual | - |
| Iptime | Nas2Dual Firmware | < 1.4.82 |
| Iptime | Nas2Dual | - |
| Iptime | Nas3 Firmware | < 1.4.82 |
| Iptime | Nas3 | - |
| Iptime | Nas4 Firmware | < 1.4.82 |
| Iptime | Nas4 | - |
| Iptime | Nas4Dual Firmware | < 1.4.82 |
| Iptime | Nas4Dual | - |
| Iptime | Nas-I Firmware | < 1.4.82 |
| Iptime | Nas-I | - |
| Iptime | Nas-Ii Firmware | < 1.4.82 |
| Iptime | Nas-Ii | - |
| Iptime | Nas-Iie Firmware | < 1.4.82 |
| Iptime | Nas-Iie | - |
Related Weaknesses (CWE)
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66578 (Third Party Advisory)
FAQ
What is CVE-2021-26620?
CVE-2021-26620 is a vulnerability with a CVSS score of 7.5 (HIGH). An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerab...
How severe is CVE-2021-26620?
CVE-2021-26620 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-26620?
Check the references section above for vendor advisories and patch information. Affected products include: Iptime Nas101 Firmware, Iptime Nas101, Iptime Nas1Dual Firmware, Iptime Nas1Dual, Iptime Nas2Dual Firmware.