QuFirewall Path Traversal Vulnerability Could Expose Sensitive Data
CVE-2023-41290

4.1MEDIUM

Key Information:

Vendor: QNAP
Status: Qufirewall
Vendor: CVE Published:; 26 April 2024

Summary

A critical path traversal vulnerability has been identified in QuFirewall, enabling authenticated administrators to access files that should remain protected. This incident can lead to unauthorized exposure of sensitive information over the network. The vendor has addressed this vulnerability in QuFirewall version 2.4.1, released on February 1, 2024. It is imperative for users to update their systems promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

QuFirewall 2.4.x < 2.4.1 ( 2024/02/01 )

References

https://www.qnap.com/en/security-advisory/qsa-24-17

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 26, 2024
Vulnerability Reserved
Aug 28, 2023

Credit

lebr0nli (Alan Li), working with DEVCORE Internship Program