Cross-Site Request Forgery Vulnerability in QNAP Helpdesk
CVE-2018-19948

2LOW

Key Information:

Vendor: QNAP
Status: Helpdesk
Vendor: CVE Published:; 11 September 2020

What is CVE-2018-19948?

QNAP Helpdesk has a cross-site request forgery vulnerability that allows attackers to trick NAS users into performing unintended actions within the application. This flaw affects earlier versions of Helpdesk and has been addressed in version 3.0.3 and later. Users are advised to update to the latest version to mitigate potential risks.

Affected Version(s)

Helpdesk < 3.0.3

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-05

x_refsource_MISC

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2020
Vulnerability Reserved
Dec 7, 2018

Credit

Independent Security Evaluators