A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cg…

A stack-based buffer overflow vulnerability (CVE-2026-7834) has been discovered in EFM ipTIME NAS1dual version 1.5.24. The vulnerability affects the get_csrf_whites function in the /cgi/advanced/misc_main.cgi file and can be exploited remotely. The exploit has been publicly disclosed and is available for use. The vendor was contacted about the disclosure but did not respond. This represents a high-risk vulnerability in IoT network attached storage devices that could allow remote attackers to execute arbitrary code through buffer overflow exploitation.