Published: 23/03/2017 Updated: 16/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

QNAP QTS prior to 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qnap qts

QNAP QTS Domain Privilege Escalation Vulnerability Name Sensitive Data Exposure in QNAP QTS Systems Affected QNAP QTS (NAS) all model and all versions < 424 Severity High 79/10 Impact CVSS:30/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L Vendor wwwqnapcom/ Advisory wwwushit ...

QNAP QTS versions prior to 424 suffer from a sensitive data exposure vulnerability that allows for privilege escalation ...

CWE-200 https://www.qnap.com/en-us/releasenotes/https://www.qnap.com/en/support/con_show.php?cid=113 http://www.securitytracker.com/id/1038091 http://www.ush.it/team/ush/hack-qnap/qnap.txt http://www.securityfocus.com/bid/97056 http://www.securityfocus.com/bid/97072 https://www.exploit-db.com/exploits/41745/https://nvd.nist.gov https://www.exploit-db.com/exploits/41745/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-5227

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect