본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26620 | IPTIME NAS2dual improper authentication vulnerability2022.03.25
□ Overview
 o EFM Networks Co., Ltd released security update to address information leakage due to improper authentication vulnerability in iptime NAS2dual.
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper Authentication information leakage High 7.5 CVE-2021-26620

□ Description
 o An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual.
 o Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.

□ Affected Product
Affected Product
Product Version Platform
All of ipTIME NAS product
(NAS1, 2, 3, 4, 1dual, 2dual 4dual)
prior of 1.4.82 Windows

□ Solution
  o Access the iptime webpage in ‘Reference [1]’, update to iptime nas firmware over 1.4.82 version or higher.

□ Reference
 [1] http://iptime.com/iptime/

□ Etc
 o Thanks to Lee Bohye for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀