CVE-2021-26620

Summary

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.

Affected Software

VendorProductVersion RangeStatus
EFM Networks Co., LtdipTIME NAS product (NAS1, 2, 3, 4, 1dual, 2dual 4dual)unspecified < 1.4.82affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References