CVE-2017-7638

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 59.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Media Streaming Add-on Qnap Qnap Media Streaming Add-on

Timeline

PublishedMar 8

Latest updateMay 14

Description

QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDqnap/media_streaming_add-on430.1.2.0+1

▶CVEListV5qnap/qnap_media_streaming_add-on421.1.0.2, 430.1.2.0, and earlier

🔴Vulnerability Details

GHSA

GHSA-jm5g-5386-4p5f: QNAP NAS application Media Streaming add-on version 421↗2022-05-14

▶

OSV

SDL 2.0 vulnerabilities↗2019-09-30

▶

CVEList

CVE-2017-7638: QNAP NAS application Media Streaming add-on version 421↗2018-03-08

▶