CSRF Vulnerability in QNAP NAS Media Streaming Add-On
CVE-2017-7641

8.8HIGH

Key Information:

Vendor
Qnap
Vendor
CVE Published:
8 March 2018

Summary

The QNAP NAS Media Streaming add-on versions 421.1.0.2, 430.1.2.0, and earlier are vulnerable to a Cross-Site Request Forgery (CSRF) attack. This vulnerability allows attackers to execute unauthorized commands on behalf of a logged-in user without their consent, potentially leading to unauthorized access or manipulation of user data. It's critical for users to apply the latest updates and implement additional security measures to safeguard their NAS devices.

Affected Version(s)

QNAP Media Streaming Add-On 421.1.0.2, 430.1.2.0, and earlier

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.