CVE-2009-3278

Published Sep 21, 2009

Last updated a year ago

CVSS medium 5.5

Overview

Description: The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-338

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:ts-239_pro_firmware:2.1.7:build0613:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F5C7FE8-D003-4640-9F64-0B2160236F8B"
          },
          {
            "criteria": "cpe:2.3:o:qnap:ts-239_pro_firmware:3.1.0:build0627:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA882F2B-0BEE-4233-AA06-AA926FF178F7"
          },
          {
            "criteria": "cpe:2.3:o:qnap:ts-239_pro_firmware:3.1.1:build0815:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95C06ACE-A307-485E-A929-C6125F817F73"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qnap:ts-239_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F035666A-5CFC-43A2-AD57-20A3F0C5E747"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:ts-639_pro_firmware:2.1.7:build0613:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7CFDE40-352B-472F-8448-49CA3CA850FA"
          },
          {
            "criteria": "cpe:2.3:o:qnap:ts-639_pro_firmware:3.1.0:build0627:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73D2A5A6-85A0-4DC9-9DFE-AD36D4F85893"
          },
          {
            "criteria": "cpe:2.3:o:qnap:ts-639_pro_firmware:3.1.1:build0815:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F574D92-A200-4883-9D79-BB035B857C63"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qnap:ts-639_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB1E8394-AE01-4838-8348-7E118350C21F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References