iptime NAS Buffer Overflow Vulnerability in upload.cgi Pre-Authentication

Vulnerability

A stack-based buffer overflow has been identified in the upload.cgi module of iptime NAS firmware version 1.5.04. upload.cgi uses strcpy to copy the value of the CONTENT_TYPE CGI environment variable (the web server's copy of the request's Content-Type header) into a fixed-size 8-byte stack buffer with no bounds check. The copy is performed before any authentication is processed, so an unauthenticated attacker can trigger the overflow.

Impact

Exploiting this vulnerability overwrites the stack beyond the 8-byte buffer, corrupting adjacent local variables and the saved return address, so an attacker can potentially gain control of the execution flow. A proof-of-concept demonstrates the overwrite.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the upload.cgi script with a Content-Type header whose value is 5000 'A' characters; the web server passes this value to the CGI program as CONTENT_TYPE, and the strcpy into the 8-byte buffer overflows. The proof-of-concept was run against the firmware in a QEMU emulation of the vulnerable environment rather than on physical hardware.
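The following C program is an added illustration of the pattern described in the Vulnerability and Reproduction sections; it is not iptime's code and is not the proof-of-concept. Only the buffer size (8 bytes), the source of the data (CONTENT_TYPE) and the 5000-byte 'A' payload are taken from the advisory; the function names and surrounding logic are assumptions. It shows the unsafe strcpy form beside a bounded copy that rejects, rather than truncates, a value that does not fit, and feeds the reproduction payload through the safe path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer size from the advisory: 8 bytes on the stack for CONTENT_TYPE. */
#define CONTENT_TYPE_BUF 8

/* Vulnerable form (illustrative stand-in, not iptime's code): strcpy with no
 * length check, so any CONTENT_TYPE value of 8 bytes or more writes past
 * ctype[] into adjacent stack data and the saved return address.
 * It is shown for contrast only and is never called with untrusted input here. */
static void copy_content_type_unsafe(const char *content_type)
{
    char ctype[CONTENT_TYPE_BUF];
    strcpy(ctype, content_type);            /* overflows when strlen(src) >= 8 */
    printf("content type: %s\n", ctype);
}

/* Hardened form: bounded copy that refuses an oversized value instead of
 * silently truncating it. Returns 0 on success, -1 if the value is missing
 * or does not fit together with its terminating NUL. */
int copy_content_type_safe(const char *content_type, char *dst, size_t dst_len)
{
    if (content_type == NULL || dst == NULL || dst_len == 0)
        return -1;
    /* Look for the NUL only within dst_len bytes, so a 5000-byte value is
     * rejected without scanning (or copying) all of it. */
    const char *nul = memchr(content_type, '\0', dst_len);
    if (nul == NULL)                        /* no NUL within the buffer: too long */
        return -1;
    memcpy(dst, content_type, (size_t)(nul - content_type) + 1);
    return 0;
}

/* Convenience wrapper: does this value fit the advisory's 8-byte buffer? */
int content_type_fits(const char *content_type)
{
    char ctype[CONTENT_TYPE_BUF];
    return copy_content_type_safe(content_type, ctype, sizeof ctype);
}

/* Builds the reproduction value from the advisory: len bytes of 'A'.
 * Caller frees the result. */
char *make_overflow_content_type(size_t len)
{
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memset(p, 'A', len);
    p[len] = '\0';
    return p;
}

/* Returns 1 if a len-byte 'A' payload is rejected by the hardened copy,
 * 0 if it is accepted, -1 on allocation failure. */
int payload_is_rejected(size_t len)
{
    char *payload = make_overflow_content_type(len);
    if (payload == NULL)
        return -1;
    int rejected = content_type_fits(payload) != 0;
    free(payload);
    return rejected;
}

int main(void)
{
    /* A real CGI program would obtain this with getenv("CONTENT_TYPE"); the
     * constructed 5000-byte payload mirrors the advisory's reproduction. */
    char *payload = make_overflow_content_type(5000);
    if (payload == NULL)
        return 1;

    if (content_type_fits(payload) != 0)
        printf("rejected CONTENT_TYPE of %zu bytes (buffer is %d bytes)\n",
               strlen(payload), CONTENT_TYPE_BUF);

    /* The unsafe path is only exercised with a value that fits. */
    copy_content_type_unsafe("text");

    free(payload);
    return 0;
}
```

Note that the hardened copy rejects any value of 8 bytes or more outright: truncating with strncpy would avoid the overflow but leave the program acting on a mangled Content-Type, which is rarely what the caller intends.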

Added: Jul 30, 2025, 7:46 PM
Updated: Jul 30, 2025, 8:50 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.