exploitDog

GHSA-fwrf-6v6g-jrvx

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

Ссылки

EPSS

Процентиль: 42%

0.00198

Низкий

CVE ID

Дефекты

CWE-798

Связанные уязвимости

CVE-2020-2499

CVSS3: 6.3

nvd

около 5 лет назад

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

BDU:2021-00190

CVSS3: 6.3

fstec

около 5 лет назад

Уязвимость операционной систем QES, связанная с использованием жёсткого кодирования паролей, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

EPSS

Процентиль: 42%

0.00198

Низкий

CVE ID

Дефекты

CWE-798