Which versions of ipTIME NAS1dual are affected by CVE-2026-7834?

CVE-2026-7834 is a critical stack-based buffer overflow affecting EFM ipTIME NAS1dual 1.5.24 that allows unauthenticated remote attackers to achieve complete system compromise through an exposed CGI…

Is there a public PoC exploit available for CVE-2026-7834?

Yes, a public proof-of-concept exploit is available for CVE-2026-7834. Prioritise patching immediately. EPSS: 0.0%.

ipTIME NAS1dual CVE-2026-7834

Q: What is the CVSS score of CVE-2026-7834?

CVE-2026-7834 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-27333 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-05 VulDB

GHSA-c384-mhv7-jvfr

Buffer Overflow Stack Overflow

8.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 05, 2026 - 14:30 vuln.today

Severity Changed

May 05, 2026 - 14:22 NVD

CRITICAL HIGH

CVSS changed

May 05, 2026 - 14:22 NVD

9.8 (CRITICAL) 8.9 (HIGH)

DescriptionNVD

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in EFM ipTIME NAS1dual 1.5.24 allows remote unauthenticated attackers to achieve complete system compromise via the get_csrf_whites function in /cgi/advanced/misc_main.cgi. Public exploit code exists on GitHub, demonstrating practical exploitability despite lack of vendor response to responsible disclosure. …

RemediationAI

Within 24 hours: Identify all ipTIME NAS1dual 1.5.24 devices on the network using asset discovery tools; disable external access to the affected CGI endpoint (/cgi/advanced/misc_main.cgi) at the firewall or reverse proxy. Within 7 days: Isolate affected NAS devices to a segmented network with restricted access controls; contact EFM for patch timeline and interim guidance; evaluate data backup integrity and test recovery procedures. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7834 vulnerability details – vuln.today

Back

ipTIME NAS1dual CVE-2026-7834

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

ipTIME NAS1dual CVE-2026-7834

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code