cnvd-2017-05077
Vulnerability from cnvd

Title: QNAP高通组件存在多个安全漏洞

Description:

QNAP是威联通(QNAP Systems)公司研发的一套Turbo NAS作业系统。

QNAP QTAP高通组件存在多个安全漏洞,包括命令注入、信息泄露等漏洞。攻击者可利用漏洞执行任意代码、绕过安全机制、获取敏感信息等。

Severity:

Formal description:

目前没有详细的解决方案提供: https://www.qnap.com/

Reference: http://www.securityfocus.com/bid/97072

Impacted products
Name
['QNAP Security QNAP QTS 4.0.3', 'QNAP QTS 4.1.4 Build 0910', 'QNAP QTS 4.1.4', 'QNAP QTS 4.1', 'QNAP QTS 4.0.3', 'QNAP QTS 4.2.4', 'QNAP QTS 4.2.1 Build 20160601', 'QNAP QTS 4.2.0', 'QNAP QTS <4.2.4']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "97072"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5227"
    }
  },
  "description": "QNAP\u662f\u5a01\u8054\u901a\uff08QNAP Systems\uff09\u516c\u53f8\u7814\u53d1\u7684\u4e00\u5957Turbo NAS\u4f5c\u4e1a\u7cfb\u7edf\u3002 \r\n\r\nQNAP QTAP\u9ad8\u901a\u7ec4\u4ef6\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5305\u62ec\u547d\u4ee4\u6ce8\u5165\u3001\u4fe1\u606f\u6cc4\u9732\u7b49\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u7ed5\u8fc7\u5b89\u5168\u673a\u5236\u3001\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u7b49\u3002",
  "discovererName": "Pasquale Fiorillo, Guido Oricchio of PCego, Peter Kostiuk ,Harry Sintonen of F-Secure,Oliver Gruskovnjak",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.qnap.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05077",
  "openTime": "2017-04-24",
  "products": {
    "product": [
      "QNAP Security QNAP QTS 4.0.3",
      "QNAP QTS 4.1.4 Build 0910",
      "QNAP QTS 4.1.4",
      "QNAP QTS 4.1",
      "QNAP QTS 4.0.3",
      "QNAP QTS 4.2.4",
      "QNAP QTS 4.2.1 Build 20160601",
      "QNAP QTS 4.2.0",
      "QNAP QTS \u003c4.2.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97072",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-27",
  "title": "QNAP\u9ad8\u901a\u7ec4\u4ef6\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.