Improper Access Control in QNAP Helpdesk Product
CVE-2018-0728

7.5HIGH

Key Information:

Vendor
Qnap
Vendor
CVE Published:
4 December 2019

Summary

The improper access control vulnerability in QNAP's Helpdesk platform allows attackers to gain unauthorized access to sensitive system logs. This can potentially expose confidential information and lead to security breaches. To mitigate this issue, QNAP recommends users to update their QTS and Helpdesk applications to the latest available versions to safeguard against unauthorized access.

Affected Version(s)

QNAP NAS devices All QTS versions: Helpdesk before version 3.0.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.