CVE-2022-23771
IPTIME NAS1DUAL CSRF Vulnerability
This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
EFM Networks Co., Ltd · NAS1dual, NAS2dual, NAS4dualQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →