Cross-Site Request Forgery Vulnerability in QNAP Proxy Server
CVE-2017-7635

8.8HIGH

Key Information:

Vendor
Qnap
Vendor
CVE Published:
5 June 2018

Summary

The QNAP Proxy Server application prior to version 1.2.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which allow unauthorized commands to be submitted on behalf of an authenticated user. This could potentially lead to data breaches and unauthorized access to sensitive information, compromising the integrity of user sessions and security of data within the QNAP environment.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.