CVE-2023-41290 — Path Traversal in Systems INC Qufirewall

CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

CNA4.1

EPSS

0.2%

top 56.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Qufirewall Qnap Qufirewall

Timeline

PublishedApr 26

Description

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5qnap_systems_inc/qufirewall2.4.x — 2.4.1 ( 2024/02/01 )

▶NVDqnap/qufirewall2.4.0

🔴Vulnerability Details

GHSA

GHSA-f56q-4m6g-3xjv: A path traversal vulnerability has been reported to affect QuFirewall↗2024-04-26

▶

CVEList

QuFirewall↗2024-04-26

▶