Vulnerability Description
This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iptime | Nas1Dual Firmware | < 1.4.86 |
| Iptime | Nas1Dual | - |
| Iptime | Nas2Dual Firmware | < 1.4.86 |
| Iptime | Nas2Dual | - |
| Iptime | Nas4Dual Firmware | < 1.4.86 |
| Iptime | Nas4Dual | - |
Related Weaknesses (CWE)
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877Third Party Advisory
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877Third Party Advisory
FAQ
What is CVE-2022-23765?
CVE-2022-23765 is a vulnerability with a CVSS score of 8.0 (HIGH). This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the...
How severe is CVE-2022-23765?
CVE-2022-23765 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23765?
Check the references section above for vendor advisories and patch information. Affected products include: Iptime Nas1Dual Firmware, Iptime Nas1Dual, Iptime Nas2Dual Firmware, Iptime Nas2Dual, Iptime Nas4Dual Firmware.