Authentication Bypass Vulnerability in QNAP NAS Proxy Server
CVE-2017-7639

5.3MEDIUM

Key Information:

Vendor: Qnap
Status: Nas Proxy Server
Vendor: CVE Published:; 5 June 2018

What is CVE-2017-7639?

The Proxy Server application on QNAP NAS devices, prior to version 1.2.0, has a security flaw that permits unauthorized access due to improper authentication. Attackers can exploit this vulnerability to manipulate the Proxy Server settings, potentially compromising the integrity of the device and its network. For detailed information and remediation, refer to the QNAP security advisory.

References

https://www.qnap.com/en/security-advisory/nas-201806-01

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041025

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2018
Vulnerability Reserved
Apr 10, 2017

Qnap

What is CVE-2017-7639?

References

CVSS V3.1

Timeline