Описание
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.3.3.0378 (включая)
Одно из
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.0358:beta1:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.0370:beta1:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.0372:beta1:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.0374:beta1:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.0387:beta2:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03236
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-119
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
EPSS
Процентиль: 87%
0.03236
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-119