Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-7834

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ver en NVD

Análisis

Critical stack-based buffer overflow in a specific model of ipTIME NAS hardware. While the CVSS is 9.8 and a public exploit exists, this is a regional hardware product (primarily South Korea) with negligible deployment in the MexicoDev community or general western stack.

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-119CWE-121

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 12.3%
EPSS: 2026-05-06

Descripción técnica

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Publicada: 5/5/2026, 14:16:09
Última modificación: 5/5/2026, 19:09:32

Referencias

InicioEventosBlogRecursosEquipo