CVE-2017-17032Improper Restriction of Operations within the Bounds of a Memory Buffer in Qnap QTS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.2%
top 12.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap QTSQnap QTS Password Function
Timeline
PublishedDec 21
Latest updateMay 14

Description

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap/qts_password_function4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier
NVDqnap/qts4.3.3.0378+5

🔴Vulnerability Details

2
GHSA
GHSA-ghp6-px4v-886p: A buffer overflow vulnerability in password function in QNAP QTS version 42022-05-14
CVEList
CVE-2017-17032: A buffer overflow vulnerability in password function in QNAP QTS version 42017-12-21
CVE-2017-17032 — Qnap QTS vulnerability | cvebase