Cyber Resilience

CVE-2026-7834

High

Published: 05 May 2026

Modified: 05 May 2026
KEV Added
Patch
CVSS Score (v4): 8.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0063 (45.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-7834 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 45.7th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7834 is a stack-based buffer overflow vulnerability in the EFM ipTIME NAS1dual network-attached storage device, specifically affecting version 1.5.24. The flaw resides in the get_csrf_whites function within the /cgi/advanced/misc_main.cgi script. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). Under CVSS v3.1 it has a base score of 9.8, indicating critical severity; the 8.9 (High) score given above is the CVSS v4 rating.

The vulnerability enables remote exploitation without authentication or user interaction, as reflected in the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers can send crafted requests to trigger the buffer overflow, potentially achieving arbitrary code execution with full impact on confidentiality, integrity, and availability. An exploit has been publicly disclosed and may be actively used.

Advisories from VulDB detail the issue across entries like vuln/361113 and its CTI variant, with a submission tracked at submit/807787. A GitHub repository at glkfc/IoT-Vulnerability provides exploit documentation for the ipTIME NAS1dual. The vendor was notified early but has not responded or issued patches, leaving affected devices without official mitigations.

EU & UK References

Vulnerability details

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated stack buffer overflow in public-facing CGI script (/cgi/advanced/misc_main.cgi) directly enables arbitrary code execution on the exposed NAS device, mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-9428: Shared CWE-119, CWE-121
CVE-2026-2886: Shared CWE-119, CWE-121
CVE-2025-8017: Shared CWE-119, CWE-121
CVE-2025-8816: Shared CWE-119, CWE-121
CVE-2025-14665: Shared CWE-119, CWE-121
CVE-2025-9247: Shared CWE-119, CWE-121
CVE-2026-5604: Shared CWE-119, CWE-121
CVE-2025-8824: Shared CWE-119, CWE-121
CVE-2025-11386: Shared CWE-119, CWE-121
CVE-2025-15190: Shared CWE-119, CWE-121

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the stack-based buffer overflow in get_csrf_whites by validating and bounding inputs to the vulnerable CGI script.

prevent

Provides memory safeguards like stack canaries and non-executable stacks to prevent exploitation of the stack-based buffer overflow for arbitrary code execution.

prevent, detect

Requires timely identification, reporting, and remediation of critical flaws like CVE-2026-7834, including patching or workarounds despite vendor non-response.

References