VYPR

NAS

by Iptime

CVEs (3)

  • CVE-2022-23771HigOct 17, 2022
    risk 0.52cvss 8.0epss 0.00

    This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to…

  • CVE-2022-23765HigAug 17, 2022
    risk 0.52cvss 8.0epss 0.00

    This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.

  • CVE-2020-7847HigFeb 23, 2021
    risk 0.48cvss 7.4epss 0.01

    The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.