Vulnerability Details CVE-2022-23771
This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.6%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2022-23771
-
cpe:2.3:h:iptime:nas1dual:-
-
cpe:2.3:h:iptime:nas2dual:-
-
cpe:2.3:h:iptime:nas4dual:-
-
cpe:2.3:o:iptime:nas1dual_firmware:-
-
cpe:2.3:o:iptime:nas2dual_firmware:-
-
cpe:2.3:o:iptime:nas4dual_firmware:-