Nas
by Iomega
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22626 | Med | 0.32 | 4.9 | 0.00 | Jan 30, 2026 | Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages. | ||
| CVE-2026-22625 | Med | 0.30 | 4.6 | 0.00 | Jan 30, 2026 | Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files. | ||
| CVE-2026-22624 | Med | 0.28 | 4.3 | 0.00 | Jan 30, 2026 | Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization. | ||
| CVE-2025-50464 | 0.00 | — | 0.00 | Jul 30, 2025 | A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8,… | |||
| CVE-2019-6178 | 0.00 | — | 0.01 | Aug 19, 2019 | An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file… | |||
| CVE-2002-1955 | 0.00 | — | 0.01 | Dec 31, 2002 | Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack. |
- risk 0.32cvss 4.9epss 0.00
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.
- risk 0.30cvss 4.6epss 0.00
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
- risk 0.28cvss 4.3epss 0.00
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.
- CVE-2025-50464Jul 30, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8,…
- CVE-2019-6178Aug 19, 2019risk 0.00cvss —epss 0.01
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file…
- CVE-2002-1955Dec 31, 2002risk 0.00cvss —epss 0.01
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.