MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2020-2504

CVSS 5.8v3.1pub. 2020-12-24upd. 2024-11-21

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • Qnap Qes

    APP
    Qnap
    2.1.1< 2.1.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2020-2503CRITICAL9.0ten sam produkt

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious ...

CVE-2020-2499MEDIUM6.3ten sam produkt

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vu...

CVE-2020-2505LOW2.3ten sam produkt

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error m...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam vendor

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...