Improper Access Control in QNAP Helpdesk Product
CVE-2018-0728

7.5HIGH

Key Information:

Vendor: Qnap
Status: Qnap Nas Devices
Vendor: CVE Published:; 4 December 2019

Summary

The improper access control vulnerability in QNAP's Helpdesk platform allows attackers to gain unauthorized access to sensitive system logs. This can potentially expose confidential information and lead to security breaches. To mitigate this issue, QNAP recommends users to update their QTS and Helpdesk applications to the latest available versions to safeguard against unauthorized access.

Affected Version(s)

QNAP NAS devices All QTS versions: Helpdesk before version 3.0.0

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-20

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2019
Vulnerability Reserved
Nov 28, 2017