Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-7834

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

View on NVD

Analysis

Critical stack-based buffer overflow in a specific model of ipTIME NAS hardware. While the CVSS is 9.8 and a public exploit exists, this is a regional hardware product (primarily South Korea) with negligible deployment in the MexicoDev community or general western stack.

Severity

Score: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-119CWE-121

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 12.3%
EPSS: 2026-05-06

Technical description

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 5/5/2026, 2:16:09 PM
Last modified: 5/5/2026, 7:09:32 PM

References

HomeEventsBlogResourcesTeam