QuFirewall Path Traversal Vulnerability Could Expose Sensitive Data
CVE-2023-41291

5.5MEDIUM

Key Information:

Vendor
QNAP
Vendor
CVE Published:
26 April 2024

Summary

A path traversal vulnerability has been identified in QuFirewall, which may allow authenticated administrators to access and read contents from unexpected files. This could potentially lead to the exposure of sensitive data over the network, increasing the risk of unauthorized information access. To protect against this vulnerability, users are strongly advised to update to QuFirewall version 2.4.1 or later, where this issue has been resolved.

Affected Version(s)

QuFirewall 2.4.x < 2.4.1 ( 2024/02/01 )

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lebr0nli (Alan Li), working with DEVCORE Internship Program
.