QuFirewall Path Traversal Vulnerability Could Expose Sensitive Data

CVE-2023-41290

4.1MEDIUM

Key Information

Vendor: QNAP
Status: Qufirewall
Vendor: CVE Published:; 26 April 2024

Summary

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later

Affected Version(s)

QuFirewall < 2.4.1 ( 2024/02/01 )

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Apr 26, 2024
Vulnerability Reserved.
Aug 28, 2023

Collectors

NVD DatabaseMitre Database

Credit

lebr0nli (Alan Li), working with DEVCORE Internship Program