CVE-2025-50464
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-08-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iptime | nas_firmware | 1.5.04 |
| iptime | nas | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the upload.cgi module of the iptime NAS firmware v1.5.04. It occurs because the software uses the unsafe strcpy function to copy data from the CONTENT_TYPE HTTP header into a small fixed-size buffer without checking if the data fits. This can lead to overwriting memory and potentially executing malicious code. The vulnerability can be exploited before any authentication is performed.
How can this vulnerability impact me? :
Exploiting this vulnerability could allow an attacker to execute arbitrary code on the affected device, potentially gaining control over the NAS system without needing to authenticate. This could lead to data theft, data loss, or disruption of service.