CVE-2020-2499Use of Hard-coded Password in Systems INC QES

CWE-259Use of Hard-coded PasswordCWE-522Insufficiently Protected CredentialsCWE-798Hard-coded Credentials3 documents3 sources
Severity
7.2HIGHNVD
CNA6.3
EPSS
0.2%
top 58.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QESQnap QES
Timeline
PublishedDec 24
Latest updateMay 24

Description

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDqnap/qes< 2.1.1+1
CVEListV5qnap_systems_inc/qesunspecified2.1.1

🔴Vulnerability Details

2
GHSA
GHSA-fwrf-6v6g-jrvx: A hard-coded password vulnerability has been reported to affect earlier versions of QES2022-05-24
CVEList
Hard-coded Password Vulnerability in QES2020-12-24
CVE-2020-2499 — Use of Hard-coded Password | cvebase