VYPR

Nas

by Iomega

CVEs (6)

  • CVE-2026-22626MedJan 30, 2026
    risk 0.32cvss 4.9epss 0.00

    Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.

  • CVE-2026-22625MedJan 30, 2026
    risk 0.30cvss 4.6epss 0.00

    Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.

  • CVE-2026-22624MedJan 30, 2026
    risk 0.28cvss 4.3epss 0.00

    Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.

  • CVE-2025-50464Jul 30, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8,…

  • CVE-2019-6178Aug 19, 2019
    risk 0.00cvss epss 0.01

    An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file…

  • CVE-2002-1955Dec 31, 2002
    risk 0.00cvss epss 0.01

    Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.