IPTIME NAS User Account Creation and Deletion Vulnerability

IPTIME NAS User Account Creation and Deletion Vulnerability

CVE-2022-23771 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.

Learn more about our User Device Pen Test.