CVE-2020-7847

Published Feb 23, 2021

Last updated 4 years ago

CVSS high 8.0

Overview

Description: The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Source: vuln@krcert.or.kr
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8
Impact score: 5.9
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.2
Impact score: 6.4
Exploitability score: 5.1
Vector string: AV:A/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-434
vuln@krcert.or.kr: CWE-434

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas-i:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CBE26B68-CC6F-4ABE-818A-8872A0753DC6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas-i_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF3C2081-9C14-4EA8-9918-B90E1BE5DBA8",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas-ii:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8C101E48-A4C0-418A-9FBD-AF6B9115B0A9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas-ii_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF803047-1BB7-46DE-97AB-865C7957067F",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas-iie:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B6F0961-E444-4519-BC03-9BFADEDF73EE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas-iie_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE3227D2-C847-4437-86C5-586B9F2F6646",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas101:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B46EE9BB-2CA6-49E1-BB46-9621805C89A0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas101_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31A2CB20-D231-4B47-A9F3-0BC08631ABE0",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas1dual:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2ACEC464-70B3-452B-A1A3-594C697E3AB3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas1dual_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AEECE18-E0EA-4394-9A57-EB97E2AE8DD2",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas2dual:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "271D21D5-A55E-4D4F-8473-5A7A67573DEA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas2dual_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8153E181-7934-4868-BE82-C30B6CD7C317",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "409E183B-5919-48FF-A121-EB89E58D1956"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A19466B-817D-444C-8E83-9448621C0B4D",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5681FB7D-A7F5-48F1-AE10-79F5B64081E5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB48A461-FC97-4021-991B-141DF49B9870",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iptime:nas4dual_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "460ECDE2-268E-499A-B9B2-580EE221D85A",
            "versionEndExcluding": "1.4.36"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iptime:nas4dual:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0429CC1A-B95C-4FB0-90D6-D6CAD8E1CC14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References