The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.
References
Link | Resource |
---|---|
http://secunia.com/advisories/36793 | Broken Link |
http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt | Exploit |
http://www.securityfocus.com/archive/1/506607/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/36467 | Broken Link Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
02 Apr 2024, 17:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:qnatp:ts-239_pro_firmware:3.1.1_0815:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-639_pro_firmware:3.1.0_0627:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-239_pro_firmware:2.1.7_0613:*:*:*:*:*:*:* cpe:2.3:h:qnatp:ts-239_pro:-:*:*:*:*:*:*:* cpe:2.3:h:qnatp:ts-639_pro:-:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-639_pro_firmware:2.1.7_0613:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-639_pro_firmware:3.1.1_0815:*:*:*:*:*:*:* |
cpe:2.3:h:qnap:ts-239_pro:-:*:*:*:*:*:*:* cpe:2.3:h:qnap:ts-639_pro:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:ts-239_pro_firmware:2.1.7:build0613:*:*:*:*:*:* cpe:2.3:o:qnap:ts-639_pro_firmware:3.1.1:build0815:*:*:*:*:*:* cpe:2.3:o:qnap:ts-639_pro_firmware:2.1.7:build0613:*:*:*:*:*:* cpe:2.3:o:qnap:ts-239_pro_firmware:3.1.0:build0627:*:*:*:*:*:* cpe:2.3:o:qnap:ts-639_pro_firmware:3.1.0:build0627:*:*:*:*:*:* cpe:2.3:o:qnap:ts-239_pro_firmware:3.1.1:build0815:*:*:*:*:*:* |
First Time |
Qnap ts-639 Pro
Qnap ts-639 Pro Firmware Qnap ts-239 Pro Firmware Qnap Qnap ts-239 Pro |
15 Feb 2024, 03:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:* cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:* cpe:2.3:h:qnap:ts-639_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:* cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:* cpe:2.3:h:qnap:ts-239_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:* |
cpe:2.3:h:qnatp:ts-239_pro:-:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-639_pro_firmware:3.1.1_0815:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-239_pro_firmware:2.1.7_0613:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-239_pro_firmware:3.1.1_0815:*:*:*:*:*:*:* cpe:2.3:h:qnatp:ts-639_pro:-:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-239_pro_firmware:3.1.0_0627:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-639_pro_firmware:3.1.0_0627:*:*:*:*:*:*:* cpe:2.3:o:qnatp:ts-639_pro_firmware:2.1.7_0613:*:*:*:*:*:*:* |
First Time |
Qnatp ts-239 Pro Firmware
Qnatp ts-239 Pro Qnatp ts-639 Pro Qnatp Qnatp ts-639 Pro Firmware |
|
References | (SECUNIA) http://secunia.com/advisories/36793 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/506607/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/36467 - Broken Link, Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 5.5 |
CWE | CWE-338 |
Information
Published : 2009-09-21 19:30
Updated : 2024-04-02 17:58
NVD link : CVE-2009-3278
Mitre link : CVE-2009-3278
CVE.ORG link : CVE-2009-3278
JSON object : View
Products Affected
qnap
- ts-239_pro
- ts-639_pro_firmware
- ts-239_pro_firmware
- ts-639_pro
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)