QuFirewall Path Traversal Vulnerability Could Expose Sensitive Data
CVE-2023-41290

4.1MEDIUM

Key Information:

Vendor
QNAP
Vendor
CVE Published:
26 April 2024

Summary

A critical path traversal vulnerability has been identified in QuFirewall, enabling authenticated administrators to access files that should remain protected. This incident can lead to unauthorized exposure of sensitive information over the network. The vendor has addressed this vulnerability in QuFirewall version 2.4.1, released on February 1, 2024. It is imperative for users to update their systems promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

QuFirewall 2.4.x < 2.4.1 ( 2024/02/01 )

References

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lebr0nli (Alan Li), working with DEVCORE Internship Program
.