All the vulnerabilites related to QNAP - QTS FTP service
cve-2017-17027
Vulnerability from cvelistv5
Published
2017-12-21 15:00
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040018 | vdb-entry, x_refsource_SECTRACK | |
| https://www.qnap.com/zh-tw/security-advisory/nas-201712-15 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | QNAP | QTS FTP service |
Version: 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QTS FTP service",
"vendor": "QNAP",
"versions": [
{
"status": "affected",
"version": "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116"
}
]
}
],
"datePublic": "2017-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T10:57:01",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"name": "1040018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2017-12-15T00:00:00",
"ID": "CVE-2017-17027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS FTP service",
"version": {
"version_data": [
{
"version_value": "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040018"
},
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2017-17027",
"datePublished": "2017-12-21T15:00:00Z",
"dateReserved": "2017-11-28T00:00:00",
"dateUpdated": "2024-09-16T17:08:54.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}