Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-7834: ipTIME NAS1dual: Remote Attack Possible via Web Interface
CVE-2026-7834
Summary
An attacker can exploit a weakness in the web interface of ipTIME NAS1dual devices running version 1.5.24, potentially allowing them to execute unauthorized code. This could lead to unauthorized access or disruption of the device. It's recommended to update to a newer version if available.
Original title
A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-b...
Original description
A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 5 May 2026 · Updated: 28 May 2026 · First seen: 5 May 2026