CVE-2021-26620
moderate-risk
Published 2022-03-25
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers can steal important information from the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and when changing users' passwords.
Do I need to act?
EPSS score: 0.61% chance of exploitation (low exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 7.5/10 (High), NETWORK / LOW complexity
Affected Products (9)
Nas101 Firmware
Nas1Dual Firmware
Nas2Dual Firmware
Nas3 Firmware
Nas4 Firmware
Nas4Dual Firmware
Nas-I Firmware
Nas-Ii Firmware
Nas-Iie Firmware
Affected Vendors
References
Third Party Advisory
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66578
43 / 100 · moderate-risk
Severity: 26/34 · High
Exploitability: 2/34 · Minimal
Exposure: 15/34 · Moderate