CVE-2022-23771 HIGH

CVE-2022-23771: IPTIME NAS1DUAL CSRF Vulnerability

Vendor: Efm Networks Co., Ltd
Product: NAS1dual, NAS2dual, NAS4dual
Weakness: CWE-352 · CSRF
Published: October 17, 2022
Last update: May 9, 2025

CVSS base score

8.0/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

This vulnerability occurs in the pages of IPTIME NAS products that handle user account creation and deletion. It is exploitable because of a lack of validation when a POST request is made to these pages. An attacker can use this vulnerability to create or delete user accounts, or to escalate arbitrary user privileges.

Key dates

02 Disclosure timeline

October 17, 2022: CVE published
May 9, 2025: Record updated