CVE-2015-6003Path Traversal in Qnap QTS

CWE-22Path Traversal3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
2.1%
top 15.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap QTS
Timeline
PublishedOct 16
Latest updateMay 17

Description

Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDqnap/qts4.1.4+1

🔴Vulnerability Details

2
GHSA
GHSA-pq58-vrj9-63x8: Directory traversal vulnerability in QNAP QTS before 42022-05-17
CVEList
CVE-2015-6003: Directory traversal vulnerability in QNAP QTS before 42015-10-16
CVE-2015-6003 — Path Traversal in Qnap QTS | cvebase