CVE-2020-7847
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
23/02/2021
Last modified:
27/02/2021
Description
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Impact
Base Score 3.x
8.00
Severity 3.x
HIGH
Base Score 2.0
5.20
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:iptime:nas-i_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) | |
| cpe:2.3:h:iptime:nas-i:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:iptime:nas-ii_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) | |
| cpe:2.3:h:iptime:nas-ii:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:iptime:nas-iie_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) | |
| cpe:2.3:h:iptime:nas-iie:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:iptime:nas101_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) | |
| cpe:2.3:h:iptime:nas101:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:iptime:nas1dual_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) | |
| cpe:2.3:h:iptime:nas1dual:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:iptime:nas2dual_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) | |
| cpe:2.3:h:iptime:nas2dual:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:iptime:nas3_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) | |
| cpe:2.3:h:iptime:nas3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:iptime:nas4_firmware:*:*:*:*:*:*:*:* | 1.4.36 (excluding) |
To consult the complete list of CPE names with products and versions, see this page