Brute Force Vulnerability in QNAP NAS Devices
CVE-2009-3278

5.5MEDIUM

Key Information:

Vendor

Qnap
Status
Ts-239 Pro Turbo Nas
Ts-639 Pro Turbo Nas
Vendor
CVE Published:
21 September 2009

What is CVE-2009-3278?

The QNAP TS-239 Pro and TS-639 Pro devices contain a vulnerability that allows local users to exploit the rand library function used in generating recovery keys. This flaw enables potential attackers to determine these keys through brute-force attacks, thereby compromising the integrity of the device's security measures. Users with these firmware versions should take immediate action to secure their systems.

References

http://www.baseline-security.de/downloads/BSC-Qnap_Crypto...
x_refsource_MISC
http://secunia.com/advisories/36793
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/506607/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.