Overview
- Description
- A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
- Source
- security@qnapsecurity.com.tw
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "743F5071-0DE8-432A-9A85-81A4519A6DA1",
"versionEndIncluding": "4.3.3.0378"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.0358:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D560B30D-6A9F-4A44-B83B-4FAB02A94830"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.0370:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACB33269-7F69-45DA-9CF0-B0322FFC577D"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.0372:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CABE783-B9CA-4E15-8DC2-75C39F214600"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.0374:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8B39FE2-79A9-478C-AE83-8D9664A6D1F8"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.0387:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEA6AF09-BCB3-45EE-A59F-5A6CEFE8CBAC"
}
],
"operator": "OR"
}
]
}
]