Improper Authorization Vulnerability in QNAP NAS Products
CVE-2018-14748

7.5HIGH

Key Information:

Vendor
Qnap
Status
Qnap Qts
Vendor
CVE Published:
28 November 2018

Summary

An improper authorization vulnerability exists in multiple versions of QNAP's QTS operating system, affecting various builds including 4.3.5 and earlier. This flaw may enable unauthenticated remote attackers to power off the Network Attached Storage (NAS) devices, thereby compromising the availability of the system. Users are encouraged to review their QNAP devices for potential exposure and apply recommended patches to mitigate the risk.

Affected Version(s)

QNAP QTS QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions

References

https://www.qnap.com/zh-tw/security-advisory/nas-201811-22
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.