o EFM Networks Co., Ltd released security update to address information leakage due to improper authentication vulnerability in iptime NAS2dual.
o An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual.
o Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.
□ Affected Product
|All of ipTIME NAS product
(NAS1, 2, 3, 4, 1dual, 2dual 4dual)
|prior of 1.4.82
o Access the iptime webpage in ‘Reference ’, update to iptime nas firmware over 1.4.82 version or higher.
o Thanks to Lee Bohye for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀