Vulnerabilities > CVE-2009-3278 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qnap Ts-239 PRO Firmware and Ts-639 PRO Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

qnap

CWE-338

NVD

Published: 2009-09-21

Updated: 2024-04-02

Summary

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
OS	Qnap Qnap TS 239 PRO Firmware 2.1.7 Qnap TS 239 PRO Firmware 3.1.0 Qnap TS 239 PRO Firmware 3.1.1 Qnap TS 639 PRO Firmware 2.1.7 Qnap TS 639 PRO Firmware 3.1.0 Qnap TS 639 PRO Firmware 3.1.1	6
Hardware	Qnap Qnap TS 239 PRO - Qnap TS 639 PRO -	2

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References