Vulnerabilities > CVE-2017-12582 - Missing Authorization vulnerability in Qnap Ts-212P Firmware 4.2.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
qnap
CWE-862

Summary

Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.

Vulnerable Configurations

Part Description Count
OS
Qnap
1
Hardware
Qnap
1

Common Weakness Enumeration (CWE)