| 제목 | iptime nas1dual 1.5.24 Stack Overflow |
|---|
| 설명 | A vulnerability exists in the system_mgmt.cgi file of ipTIME nas1dual, specifically within the sub_21A24 function. This function calls get_csrf_whites(v70) to read the csrf_whites value from the configuration file and stores it in the stack variable v70. The variable v70 is defined as a character array of 1024 bytes. However, the get_csrf_whites function does not enforce sufficient length restrictions when reading the configuration value. Consequently, if the csrf_whites field in the configuration file is overly long, a stack overflow occurs. |
|---|
| 원천 | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/iptime/nas1dual/iptime2_en.md |
|---|
| 사용자 | jfkk (UID 79868) |
|---|
| 제출 | 2026. 04. 19. AM 08:55 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 05. 05. AM 08:34 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 361113 [EFM ipTIME NAS1dual 1.5.24 misc_main.cgi get_csrf_whites 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|