CVE-2020-7847

Severity CVSS v4.0:
Pending analysis
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
23/02/2021
Last modified:
27/02/2021

Description

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:iptime:nas-i_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)
cpe:2.3:h:iptime:nas-i:-:*:*:*:*:*:*:*
cpe:2.3:o:iptime:nas-ii_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)
cpe:2.3:h:iptime:nas-ii:-:*:*:*:*:*:*:*
cpe:2.3:o:iptime:nas-iie_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)
cpe:2.3:h:iptime:nas-iie:-:*:*:*:*:*:*:*
cpe:2.3:o:iptime:nas101_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)
cpe:2.3:h:iptime:nas101:-:*:*:*:*:*:*:*
cpe:2.3:o:iptime:nas1dual_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)
cpe:2.3:h:iptime:nas1dual:-:*:*:*:*:*:*:*
cpe:2.3:o:iptime:nas2dual_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)
cpe:2.3:h:iptime:nas2dual:-:*:*:*:*:*:*:*
cpe:2.3:o:iptime:nas3_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)
cpe:2.3:h:iptime:nas3:-:*:*:*:*:*:*:*
cpe:2.3:o:iptime:nas4_firmware:*:*:*:*:*:*:*:* 1.4.36 (excluding)