Vulnerabilities > Qnap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-07 | CVE-2013-0144 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Viostor Network Video Recorder 4.0.3 Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. | 6.8 |
| 2013-06-07 | CVE-2013-0143 | Code Injection vulnerability in Qnap products cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. | 6.5 |
| 2013-06-07 | CVE-2013-0142 | Credentials Management vulnerability in Qnap products QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | 5.0 |
| 2009-09-21 | CVE-2009-3279 | Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack. | 4.9 |
| 2009-09-21 | CVE-2009-3278 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qnap Ts-239 PRO Firmware and Ts-639 PRO Firmware The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack. | 5.5 |
| 2009-09-21 | CVE-2009-3200 | Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command. | 5.9 |