Main Vulnerability Database Vulnerabilities #VU48238

#VU48238 Security restrictions bypass in QNAP QTS

Published: November 10, 2020

Vulnerability identifier: #VU48238

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
QNAP QTS

Software vendor:
QNAP Systems, Inc.

Description

The vulnerabilities allow a remote attacker to bypass implemented security restrictions.

Multiple unspecified vulnerabilities have been identified and fixed in Surveillance Station, QVPN Service, Qfiling, Qsync Central, QcalAgent, and IFTTT Agent applications.

Remediation

Install updates from vendor's website.

External links

https://www.qnap.com/en/release-notes/qts/4.5.1.1480/20201108

#VU48238 Security restrictions bypass in QNAP QTS

Description

Remediation

External links

Please verify you're human