Information Disclosure in QNAP Photo Station Product
CVE-2013-5760
Currently unrated
Summary
A vulnerability in QNAP Photo Station allows remote attackers to enumerate OS user accounts through an insecure API endpoint. The issue affects versions prior to firmware 4.0.3 build0912 and results in unauthorized information disclosure. By sending a targeted request to photo/p/api/list.php, an attacker can obtain user account information, which can facilitate further attacks. Users of affected versions should upgrade their firmware to mitigate this risk.