Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for nas_proxy_server by qnap
CVE-2021-34360 (GCVE-0-2021-34360)
Vulnerability from cvelistv5 – Published: 2022-05-26 07:20 – Updated: 2024-09-16 19:56
VLAI
Title
CSRF Bypass in Proxy Server
Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity
5.3 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-18 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.3 ( 2022/01/18 )
(custom)
|
Date Public
2022-05-26 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTS hero h5.0.0"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.3 ( 2022/01/18 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTScloud c4.5.6"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T07:20:09.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
},
"title": "CSRF Bypass in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-05-26T14:43:00.000Z",
"ID": "CVE-2021-34360",
"STATE": "PUBLIC",
"TITLE": "CSRF Bypass in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
},
{
"platform": "QuTS hero h5.0.0",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.3 ( 2022/01/18 )"
},
{
"platform": "QuTScloud c4.5.6",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-18",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34360",
"datePublished": "2022-05-26T07:20:10.040Z",
"dateReserved": "2021-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:56:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34361 (GCVE-0-2021-34361)
Vulnerability from cvelistv5 – Published: 2022-02-25 06:10 – Updated: 2024-09-16 17:49
VLAI
Title
Reflected XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity
5.3 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-04 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Date Public
2022-02-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:12.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T22:38:00.000Z",
"ID": "CVE-2021-34361",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34361",
"datePublished": "2022-02-25T06:10:12.550Z",
"dateReserved": "2021-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:49:13.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34359 (GCVE-0-2021-34359)
Vulnerability from cvelistv5 – Published: 2022-02-25 06:10 – Updated: 2024-09-17 01:12
VLAI
Title
Stored XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity
6.9 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-04 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Date Public
2022-02-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:10.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T23:01:00.000Z",
"ID": "CVE-2021-34359",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34359",
"datePublished": "2022-02-25T06:10:10.788Z",
"dateReserved": "2021-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:12:01.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7636 (GCVE-0-2017-7636)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7636",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7639 (GCVE-0-2017-7639)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7639",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7637 (GCVE-0-2017-7637)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7637",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7635 (GCVE-0-2017-7635)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7635",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34360 (GCVE-0-2021-34360)
Vulnerability from nvd – Published: 2022-05-26 07:20 – Updated: 2024-09-16 19:56
VLAI
Title
CSRF Bypass in Proxy Server
Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity
5.3 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-18 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.3 ( 2022/01/18 )
(custom)
|
Date Public
2022-05-26 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTS hero h5.0.0"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.3 ( 2022/01/18 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTScloud c4.5.6"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T07:20:09.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
},
"title": "CSRF Bypass in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-05-26T14:43:00.000Z",
"ID": "CVE-2021-34360",
"STATE": "PUBLIC",
"TITLE": "CSRF Bypass in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
},
{
"platform": "QuTS hero h5.0.0",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.3 ( 2022/01/18 )"
},
{
"platform": "QuTScloud c4.5.6",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-18",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34360",
"datePublished": "2022-05-26T07:20:10.040Z",
"dateReserved": "2021-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:56:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34361 (GCVE-0-2021-34361)
Vulnerability from nvd – Published: 2022-02-25 06:10 – Updated: 2024-09-16 17:49
VLAI
Title
Reflected XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity
5.3 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-04 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Date Public
2022-02-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:12.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T22:38:00.000Z",
"ID": "CVE-2021-34361",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34361",
"datePublished": "2022-02-25T06:10:12.550Z",
"dateReserved": "2021-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:49:13.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34359 (GCVE-0-2021-34359)
Vulnerability from nvd – Published: 2022-02-25 06:10 – Updated: 2024-09-17 01:12
VLAI
Title
Stored XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity
6.9 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-04 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Date Public
2022-02-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:10.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T23:01:00.000Z",
"ID": "CVE-2021-34359",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34359",
"datePublished": "2022-02-25T06:10:10.788Z",
"dateReserved": "2021-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:12:01.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7636 (GCVE-0-2017-7636)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7636",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7639 (GCVE-0-2017-7639)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7639",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7637 (GCVE-0-2017-7637)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7637",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7635 (GCVE-0-2017-7635)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/nas-201806-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041025 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7635",
"datePublished": "2018-06-05T21:00:00.000Z",
"dateReserved": "2017-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:12:27.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}