CVE-2026-7834
Published: 05 May 2026
Summary
CVE-2026-7834 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 8.9 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-7834 is a stack-based buffer overflow vulnerability in the EFM ipTIME NAS1dual network-attached storage device, specifically affecting version 1.5.24. The flaw resides in the get_csrf_whites function within the /cgi/advanced/misc_main.cgi script. Associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it has a CVSS v3.1 base score of 9.8, indicating critical severity.
The vulnerability enables remote exploitation without authentication or user interaction, as reflected in the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers can send crafted requests to trigger the buffer overflow, potentially achieving arbitrary code execution with full impact on confidentiality, integrity, and availability. An exploit has been publicly disclosed and may be actively used.
Advisories from VulDB detail the issue across entries like vuln/361113 and its CTI variant, with a submission tracked at submit/807787. A GitHub repository at glkfc/IoT-Vulnerability provides exploit documentation for the ipTIME NAS1dual. The vendor was notified early but has not responded or issued patches, leaving affected devices without official mitigations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-27333
Vulnerability details
A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly…
more
and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated stack buffer overflow in public-facing CGI script (/cgi/advanced/misc_main.cgi) directly enables arbitrary code execution on the exposed NAS device, mapping to exploitation of public-facing applications.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the stack-based buffer overflow in get_csrf_whites by validating and bounding inputs to the vulnerable CGI script.
Provides memory safeguards like stack canaries and non-executable stacks to prevent exploitation of the stack-based buffer overflow for arbitrary code execution.
Requires timely identification, reporting, and remediation of critical flaws like CVE-2026-7834, including patching or workarounds despite vendor non-response.