Vulnerability Description
This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iptime | Nas1Dual Firmware | < 1.4.86 |
| Iptime | Nas1Dual | - |
| Iptime | Nas2Dual Firmware | < 1.4.86 |
| Iptime | Nas2Dual | - |
| Iptime | Nas4Dual Firmware | < 1.4.86 |
| Iptime | Nas4Dual | - |
Related Weaknesses (CWE)
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66964Third Party Advisory
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66964Third Party Advisory
FAQ
What is CVE-2022-23771?
CVE-2022-23771 is a vulnerability with a CVSS score of 8.0 (HIGH). This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this...
How severe is CVE-2022-23771?
CVE-2022-23771 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23771?
Check the references section above for vendor advisories and patch information. Affected products include: Iptime Nas1Dual Firmware, Iptime Nas1Dual, Iptime Nas2Dual Firmware, Iptime Nas2Dual, Iptime Nas4Dual Firmware.