LeakyCreds

CVE-2026-7834 - Vulnerability Analysis

Critical, CVSS: 9.8

Last Updated: May 5, 2026

EFM ipTIME NAS1dual - Buffer Overflow

Published: May 5, 2026 | Updated: May 5, 2026 | Remote Exploitable

Overview

EFM ipTIME NAS1dual 1.5.24 contains a stack-based buffer overflow in the get_csrf_whites function of /cgi/advanced/misc_main.cgi. A remote attacker can cause memory corruption by sending a crafted request.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Remote attackers can cause memory corruption, potentially leading to remote code execution or system crash.

Mitigation

Update to the latest version or apply vendor patches if available.

Details

CVE ID: CVE-2026-7834
Severity: Critical
CVSS Score: 9.8
Type: buffer_overflow
Status: new

CWE

  • CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H