본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7847 | ipTIME NAS file upload and execution vulnerability2021.02.22
□ Overview
 o EFM Networks released security update to address file download vulnerability in ipTIME NAS product.
Vulnerability Type Impact Severity CVSS Score CVE ID
File upload Code execution High 7.4 CVE-2020-7847
 
□ Description
 o The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution.
 
□ Affected Product
Product Version
ipTIME NAS-I, NAS-II, NAS-IIe, NAS101, NAS1dual, NAS2dual, NAS3, NAS4, NAS4dual 1.4.35 and prior
 
□ Solution
 o Update software over 1.4.36 version
 
□ Acknowledgements
 o Thanks to JaeHyung Lee, InHyung Lee for reporting this vulnerability
 



□ 작성 : 침해사고분석단 취약점분석팀