CVE-2021-26620

Summary

CVE	CVE-2021-26620
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-25 19:15:00 UTC
Updated	2022-03-31 14:34:00 UTC
Description	An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.

Risk And Classification

Problem Types: CWE-287

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Iptime	Nas-i	-	All	All	All
Hardware	Iptime	Nas-ii	-	All	All	All
Hardware	Iptime	Nas-iie	-	All	All	All
Operating System	Iptime	Nas-iie Firmware	All	All	All	All
Operating System	Iptime	Nas-ii Firmware	All	All	All	All
Operating System	Iptime	Nas-i Firmware	All	All	All	All
Hardware	Iptime	Nas101	-	All	All	All
Operating System	Iptime	Nas101 Firmware	All	All	All	All
Hardware	Iptime	Nas1dual	-	All	All	All
Operating System	Iptime	Nas1dual Firmware	All	All	All	All
Hardware	Iptime	Nas2dual	-	All	All	All
Operating System	Iptime	Nas2dual Firmware	All	All	All	All
Hardware	Iptime	Nas3	-	All	All	All
Operating System	Iptime	Nas3 Firmware	All	All	All	All
Hardware	Iptime	Nas4	-	All	All	All
Hardware	Iptime	Nas4dual	-	All	All	All
Operating System	Iptime	Nas4dual Firmware	All	All	All	All
Operating System	Iptime	Nas4 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Security Advisory \| KrCERT/CC - KISA 인터넷 보호나라&KrCERT	MISC	www.krcert.or.kr
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.