□ Overview
o EFM Networks Co., Ltd released security update to address information leakage due to improper authentication vulnerability in iptime NAS2dual.
Vulnerability
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Improper Authentication |
information leakage |
High |
7.5 |
CVE-2021-26620 |
□ Description
o An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual.
o Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.
□ Affected Product
Affected Product
| Product |
Version |
Platform |
All of ipTIME NAS product
(NAS1, 2, 3, 4, 1dual, 2dual 4dual) |
prior of 1.4.82 |
Windows |
□ Solution
o Access the iptime webpage in ‘Reference [1]’, update to iptime nas firmware over 1.4.82 version or higher.
□ Reference
[1] http://iptime.com/iptime/
□ Etc
o Thanks to Lee Bohye for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |
