CVE-2018-14748

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.5HIGH

EPSS

0.6%

top 29.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Qnap QTS Qnap QTS

Timeline

PublishedNov 28

Latest updateMay 13

Description

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDqnap/qts4 versions+3

▶CVEListV5qnap/qnap_qtsQTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions

🔴Vulnerability Details

GHSA

GHSA-v8ph-ffvg-pwj3: Improper Authorization vulnerability in QTS 4↗2022-05-13

▶

CVEList

CVE-2018-14748: Improper Authorization vulnerability in QTS 4↗2018-11-28

▶