CVE-2026-7834 EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function getcsrfwhites of the file /cgi/advanced/miscmain.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and...

EFM ipTIME C200 注入漏洞

EFM ipTIME C200 is a network camera device produced by the South Korean company EFM. The EFM ipTIME C200 models starting from version 1.092 and earlier have a vulnerability that stems from the sub408F90 function’s ApplyRestore endpoint, which processes the RestoreFile parameter. This vulnerabilit...

EFM ipTIME NAS1dual 缓冲区错误漏洞

EFM ipTIME NAS1dual is a network-attached storage device produced by the South Korean company EFM. Version 1.5.24 of EFM ipTIME NAS1dual contains a buffer overflow vulnerability. This vulnerability stems from a problem with the function getcsrfwhites in the file /cgi/advanced/miscmain.cgi, which...

PT-2026-37047

Name of the Vulnerable Software and Affected Versions ipTIME NAS1dual version 1.5.24 Description A stack-based buffer overflow can be triggered remotely via the get csrf whites function within the '/cgi/advanced/misc main.cgi' endpoint. A stack-based buffer overflow occurs when a program writes...

EFM多款产品 安全漏洞

The EFM ipTIME T5008, among others, is a product of the South Korean EFM company. The EFM ipTIME T5008 is a wired router. The EFM ipTIME AX2004M is a wireless router. The EFM ipTIME AX3000Q is also a wireless router. Several EFM products have security vulnerabilities; these vulnerabilities stem...

EUVD-2026-6098

A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...

CVE-2026-2550

A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...

EFM iptime A6004MX 代码问题漏洞

EFM iptime A6004MX is a wireless router produced by the South Korean company EFM. The EFM iptime A6004MX version 14.18.2 has a code vulnerability. This vulnerability stems from an unlimited upload function in the commitvpnclifile Upload function located in the cgi/timepro.cgi file, which could le...

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commitvpnclifileupload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit i...

EFM ipTIME A8004T 授权问题漏洞

The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T contains an authorization vulnerability. This vulnerability stems from incorrect operations on the function httpconchecksessionurl in the file/cgi/timepro.cgi, which m...

EFM ipTIME Routers security vulnerabilities

EFM ipTIME Routers are a series of routers produced by the South Korean company EFM. The EFM ipTIME Routers have a security vulnerability, which stems from an OS command injection vulnerability in the upnp-relay function. The following products and versions are affected: A2003NS-MU version 10.00....

EFM ipTIME A3004T 命令注入漏洞

The EFM ipTIME A3004T is a wireless router from EFM Korea. A command injection vulnerability exists in EFM ipTIME A3004T version 14.19.0, which stems from improper handling of the parameter aaksjdkfj in the file /sess-bin/timepro.cgi, which could lead to command injection...

EUVD-2020-28780

Malware in sbrugna...

CVE-2020-7848

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...

efm-gmbh.de Improper Access Control vulnerability OBB-3816576

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

efm-gmbh.de Improper Access Control vulnerability OBB-3765453

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

EFM Networks ipTIME NAS1dual、NAS2dual、NAS4dual 跨站请求伪造漏洞

EFM Networks ipTIME NAS1dual and others are a network attached storage from EFM Networks, Korea. A security vulnerability exists in EFM Networks ipTIME NAS1dual, NAS2dual, and NAS4dual versions prior to 1.4.86, which can be exploited by remote attackers to steal root privileges via a POST request...

EFM ipTIME C200 IP Camera 授权问题漏洞

EFM ipTIME C200 IP Camera is a hardware device from EFM Korea. It provides a camera device for surveillance. A security vulnerability exists in the EFM ipTIME C200 IP Camera that stems from a problem with shared folder authentication. A remote attacker can exploit the vulnerability by using...

efm-gmbh.de Improper Access Control vulnerability OBB-2410247

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Security Bulletin: IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Standard contains a component called EDB Failover Manager EFM and uses a version of Apache Log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID:...