Versio.io

CVE-2021-26620

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 25-03-2022 08:15
Last modified: - 31-03-2022 04:34
Total changes: - 2

Description

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Low
Attack complexity
Network
Attack vector
None
Availability
High
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=iptime AND product=nas101_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas101 AND version=-
AND
OR
vendor=iptime AND product=nas1dual_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas1dual AND version=-
AND
OR
vendor=iptime AND product=nas2dual_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas2dual AND version=-
AND
OR
vendor=iptime AND product=nas3_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas3 AND version=-
AND
OR
vendor=iptime AND product=nas4_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas4 AND version=-
AND
OR
vendor=iptime AND product=nas4dual_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas4dual AND version=-
AND
OR
vendor=iptime AND product=nas-i_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas-i AND version=-
AND
OR
vendor=iptime AND product=nas-ii_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas-ii AND version=-
AND
OR
vendor=iptime AND product=nas-iie_firmware AND target_software=windows AND versionEndExcluding=1.4.82
OR
vendor=iptime AND product=nas-iie AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2021-26620

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.