CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-23765

This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.8%

CVSS Severity

CVSS v3 Score 8.0

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877

Products affected by CVE-2022-23765

Iptime » Nas1dual » Version: N/A

cpe:2.3:h:iptime:nas1dual:-
Iptime » Nas2dual » Version: N/A

cpe:2.3:h:iptime:nas2dual:-
Iptime » Nas4dual » Version: N/A

cpe:2.3:h:iptime:nas4dual:-
Iptime » Nas1dual Firmware » Version: N/A

cpe:2.3:o:iptime:nas1dual_firmware:-
Iptime » Nas2dual Firmware » Version: N/A

cpe:2.3:o:iptime:nas2dual_firmware:-
Iptime » Nas4dual Firmware » Version: N/A

cpe:2.3:o:iptime:nas4dual_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23765

Products

Pricing

Contact Us