Описание
QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:qnap:viocard-30_firmware:2312_2.1.0:*:*:*:*:*:*:*
cpe:2.3:h:qnap:viocard-30:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:qnap:viocard-100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qnap:viocard-100:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
Одно из
cpe:2.3:o:qnap:viocard-300_firmware:rc_b3722:*:*:*:*:*:*:*
cpe:2.3:o:qnap:viocard-300_firmware:rs_b4631:*:*:*:*:*:*:*
cpe:2.3:h:qnap:viocard-300:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:qnap:viogate-340a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qnap:viogate-340a:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:qnap:viogate-340_firmware:2308_2.1.0:*:*:*:*:*:*:*
cpe:2.3:h:qnap:viogate-340:-:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00369
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models.
EPSS
Процентиль: 58%
0.00369
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-798