MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2020-2499

CVSS 6.3v3.1pub. 2020-12-24upd. 2024-11-21

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
  • Qnap Qes

    APP
    Qnap
    2.1.1< 2.1.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-2503CRITICAL9.0ten sam produkt

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious ...

CVE-2020-2504MEDIUM5.8ten sam produkt

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Stati...

CVE-2020-2505LOW2.3ten sam produkt

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error m...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam vendor

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...