CVE-2015-7261

CWE-2554 documents4 sources
Severity
9.8CRITICAL
EPSS
0.3%
top 51.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Iartist LiteQnap Signage Station
Timeline
PublishedFeb 27
Latest updateMay 17

Description

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDqnap/iartist_lite1.4.53.1

🔴Vulnerability Details

3
GHSA
GHSA-wqjc-j89r-w9vh: The FTP service in QNAP iArtist Lite before 12022-05-17
CVEList
CVE-2015-7261: The FTP service in QNAP iArtist Lite before 12016-02-27
VulnCheck
QNAP iArtist Lite before 1.4.54 FTP Security Bypass2015
CVE-2015-7261 (CRITICAL CVSS 9.8) | The FTP service in QNAP iArtist Lit | cvebase.io