CVE-2022-23765

Name of the Vulnerable Software and Affected Versions IPTIME NAS (affected versions not specified)

Description The issue occurs when a malicious POST request is sent to a specific page while logged in as a random user from some family of IPTIME NAS. This allows remote attackers to steal root privileges by changing the root password through a POST request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.