CVE-2017-7630Sensitive Information Exposure in Qnap QTS

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 54.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap QTS
Timeline
PublishedMar 27
Latest updateMay 14

Description

QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDqnap/qts4.2.6, 4.3.3+1

🔴Vulnerability Details

2
GHSA
GHSA-5j2q-5324-9hrh: QNAP QTS 42022-05-14
CVEList
CVE-2017-7630: QNAP QTS 42018-03-27
CVE-2017-7630 — Sensitive Information Exposure in Qnap | cvebase