Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in EFM ipTIME NAS1dual 1.5.24 allows remote unauthenticated attackers to achieve complete system compromise via the get_csrf_whites function in /cgi/advanced/misc_main.cgi. Public exploit code exists on GitHub, demonstrating practical exploitability despite lack of vendor response to responsible disclosure. CVSS 8.9 (Critical) with EPSS data unavailable; attack requires no authentication, low complexity, and no user interaction (AV:N/AC:L/PR:N/UI:N), making this a high-priority remote attack surface.
Technical ContextAI
This vulnerability exploits a classic stack-based buffer overflow (CWE-121) in the get_csrf_whites function within the CGI interface of ipTIME NAS1dual network-attached storage devices. Stack-based overflows occur when data exceeding allocated buffer size overwrites adjacent memory on the stack, potentially corrupting return addresses and enabling arbitrary code execution. The vulnerable endpoint (/cgi/advanced/misc_main.cgi) appears to be part of the device's web management interface, which is commonly exposed to network access. The CVSS vector indicates complete confidentiality, integrity, and availability impact to the vulnerable component (VC:H/VI:H/VA:H) with no cross-scope effects (SC:N/SI:N/SA:N), suggesting exploitation achieves full control of the NAS device itself. The CVE identifier appears to be from 2026, which may indicate a reporting/publication timing issue or test data.
RemediationAI
No vendor-released patch identified at time of analysis; EFM did not respond to vulnerability disclosure per the CVE description. Without official firmware updates, organizations must implement compensating controls immediately. Primary mitigation: Isolate ipTIME NAS1dual devices from Internet-facing networks by placing them behind firewall rules that restrict /cgi/advanced/ endpoints to trusted internal management networks only - this eliminates remote attack vector (AV:N) but reduces device accessibility for remote management. Secondary mitigation: If web interface access is required, implement reverse proxy authentication (such as nginx with HTTP basic auth) in front of the device to add the missing PR:N→PR:L authentication barrier, though this adds operational complexity and single point of failure. Tertiary option: Disable the web management interface entirely if device can be administered through alternative methods (SSH, serial console), though this may not be supported on consumer NAS models. Organizations should consider replacing affected devices with actively-supported alternatives given vendor non-responsiveness. Monitor network logs for HTTP requests to /cgi/advanced/misc_main.cgi with unusual Content-Length or payload characteristics. All mitigations trade functionality for security; network isolation is the most reliable control with least operational risk. Consult https://vuldb.com/vuln/361113/cti for additional vendor contact attempts and community-developed workarounds.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27333
GHSA-c384-mhv7-jvfr