EFM

A stack-based buffer overflow vulnerability exists in EFM ipTIME NAS1dual 1.5.24, affecting the get_csrf_whites function in /cgi/advanced/misc_main.cgi, exploitable remotely, and leading to potential arbitrary code execution.

EFM ipTIME C200 devices are vulnerable to remote command injection due to insufficient validation of the RestoreFile argument in the /cgi/iux_set.cgi endpoint, allowing attackers to execute arbitrary commands with elevated privileges.