Cross-Site Request Forgery Vulnerability in QNAP Helpdesk
CVE-2018-19948

2LOW

Key Information:

Vendor
QNAP
Status
Helpdesk
Vendor
CVE Published:
11 September 2020

Summary

QNAP Helpdesk has a cross-site request forgery vulnerability that allows attackers to trick NAS users into performing unintended actions within the application. This flaw affects earlier versions of Helpdesk and has been addressed in version 3.0.3 and later. Users are advised to update to the latest version to mitigate potential risks.

Affected Version(s)

Helpdesk < 3.0.3

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-05
x_refsource_MISC

CVSS V3.1

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Independent Security Evaluators
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.