Unrated severityNVD Advisory· Published Jul 30, 2025· Updated Jul 30, 2025

CVE-2025-50464

Description

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication.

Affected products

iptime/NAS firmwaredescription
Iomega/Nasllm-fuzzy
Range: =1.5.04

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/lafdrew/IOT/blob/main/iptime_nas_1.5.04/Buffer-Overflow-in-upload-cgi-of-iptime-nas-1-5-04.mdmitre
lafdrew.github.io/2025/04/25/Buffer-Overflow-in-upload-cgi-of-iptime-nas-1-5-04/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000