QuFirewall Path Traversal Vulnerability Could Expose Sensitive Data
CVE-2023-41291

5.5MEDIUM

Key Information:

Vendor: QNAP
Status: Qufirewall
Vendor: CVE Published:; 26 April 2024

Summary

A path traversal vulnerability has been identified in QuFirewall, which may allow authenticated administrators to access and read contents from unexpected files. This could potentially lead to the exposure of sensitive data over the network, increasing the risk of unauthorized information access. To protect against this vulnerability, users are strongly advised to update to QuFirewall version 2.4.1 or later, where this issue has been resolved.

Affected Version(s)

QuFirewall 2.4.x < 2.4.1 ( 2024/02/01 )

References

https://www.qnap.com/en/security-advisory/qsa-24-17

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 26, 2024
Vulnerability Reserved
Aug 28, 2023

Credit

lebr0nli (Alan Li), working with DEVCORE Internship Program