CVE-2021-26620
CVE-2021-26620 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords. EPSS estimates a 1.30% chance of exploitation in the next 30 days.
Description
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Iptime | Nas101 Firmware | < 1.4.82 |
| Iptime | Nas1dual Firmware | < 1.4.82 |
| Iptime | Nas2dual Firmware | < 1.4.82 |
| Iptime | Nas3 Firmware | < 1.4.82 |
| Iptime | Nas4 Firmware | < 1.4.82 |
| Iptime | Nas4dual Firmware | < 1.4.82 |
| Iptime | Nas-I Firmware | < 1.4.82 |
| Iptime | Nas-Ii Firmware | < 1.4.82 |
| Iptime | Nas-Iie Firmware | < 1.4.82 |
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66578 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
