Home
Description
A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication.
References
lafdrew.github.io/...low-in-upload-cgi-of-iptime-nas-1-5-04/
github.com/...Overflow-in-upload-cgi-of-iptime-nas-1-5-04.md