Vulnerabilities > Iptime > Nas2Dual Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-17 | CVE-2022-23771 | Cross-Site Request Forgery (CSRF) vulnerability in Iptime products This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. | 8.8 |
2022-08-17 | CVE-2022-23765 | Cross-Site Request Forgery (CSRF) vulnerability in Iptime products This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. | 8.8 |
2022-03-25 | CVE-2021-26620 | Improper Authentication vulnerability in Iptime products An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. | 7.5 |
2021-02-23 | CVE-2020-7847 | Unrestricted Upload of File with Dangerous Type vulnerability in Iptime products The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. | 8.0 |