Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-5227: Sensitive Information Exposure in QNAP QTS

Severity
7.5 HIGH (NVD)
EPSS
19.5%
top 4.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Mar 23
Latest update: May 17

Description

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: qnap/qts 4.2.4

🔴 Vulnerability Details (2)

GHSA
GHSA-93ch-fp62-9c2w: QNAP QTS before 4 (2022-05-17)
CVEList
CVE-2017-5227: QNAP QTS before 4 (2017-03-23)

💥 Exploits & PoCs (1)

Exploit-DB
QNAP QTS < 4.2.4 - Domain Privilege Escalation (2017-03-27)