CVE-2015-7261

9.8CRITICAL

Key Information:

Vendor: Qnap
Status: Iartist Lite; Signage Station
Vendor: CVE Published:; 27 February 2016

Summary

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.

References

http://www.kb.cert.org/vuls/id/444472

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2016
Vulnerability Reserved
Sep 18, 2015