Vulnerability Details CVE-2020-7847
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.2
References
Products affected by CVE-2020-7847
-
cpe:2.3:h:iptime:nas-i:-
-
cpe:2.3:h:iptime:nas-ii:-
-
cpe:2.3:h:iptime:nas-iie:-
-
cpe:2.3:h:iptime:nas101:-
-
cpe:2.3:h:iptime:nas1dual:-
-
cpe:2.3:h:iptime:nas2dual:-
-
cpe:2.3:h:iptime:nas3:-
-
cpe:2.3:h:iptime:nas4:-
-
cpe:2.3:h:iptime:nas4dual:-
-
cpe:2.3:o:iptime:nas-i_firmware:*
-
cpe:2.3:o:iptime:nas-ii_firmware:*
-
cpe:2.3:o:iptime:nas-iie_firmware:*
-
cpe:2.3:o:iptime:nas101_firmware:*
-
cpe:2.3:o:iptime:nas1dual_firmware:-
-
cpe:2.3:o:iptime:nas2dual_firmware:-
-
cpe:2.3:o:iptime:nas3_firmware:*
-
cpe:2.3:o:iptime:nas4_firmware:*
-
cpe:2.3:o:iptime:nas4dual_firmware:-