CVE-2025-50464

Medium CVSS: 6.5

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication.

Vendor

Iptime

Product

Nas Firmware

CWE

CWE-121

Yayın Tarihi

2025-07-30 19:15:48

Güncelleme

2025-08-06 16:22:29

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-121 Nas Firmware MEDIUM Iptime 2025

Referanslar

https://github.com/lafdrew/IOT/blob/main/iptime_nas_1.5.04/Buffer-Overflow-in-upload-cgi-of-iptime-nas-1-5-04.md https://lafdrew.github.io/2025/04/25/Buffer-Overflow-in-upload-cgi-of-iptime-nas-1-5-04/

Benzer Kayıtlar

Medium

CVE-2026-24498

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Network…

Medium

CVE-2026-1741

A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the f…

Medium

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncl…

Medium

CVE-2026-1740

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file…

Critical

CVE-2025-55423

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the contr…