Vulnerabilities > CVE-2013-0142 - Credentials Management vulnerability in Qnap products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

qnap

CWE-255

NVD

Published: 2013-06-07

Updated: 2013-06-10

Summary

QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
OS	Qnap Qnap Viostor Network Video Recorder 4.0.3	1
Hardware	Qnap Qnap Viostor Network Video Recorder - Qnap NAS -	2
Application	Qnap Qnap Surveillance Station PRO -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.kb.cert.org/vuls/id/927644