CVE-2017-7638

QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.4 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.qnap.com/zh-tw/security-advisory/nas-201803-08	Vendor Advisory
https://www.qnap.com/zh-tw/security-advisory/nas-201803-08	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:32

Type	Values Removed	Values Added
References	~~() https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 - Vendor Advisory~~	() https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 - Vendor Advisory

Information

Published : 2018-03-08 14:29

Updated : 2024-11-21 03:32

NVD link : CVE-2017-7638

Mitre link : CVE-2017-7638

CVE.ORG link : CVE-2017-7638

JSON object : View

Products Affected

qnap

qts
media_streaming_add-on

CWE

CWE-287

Improper Authentication

{"id": "CVE-2017-7638", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2018-03-08T14:29:00.410", "references": [{"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08", "tags": ["Vendor Advisory"], "source": "security@qnapsecurity.com.tw"}, {"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS."}, {"lang": "es", "value": "El add-on Media Streaming de la aplicaci\u00f3n NAS de QNAP en versiones 421.1.0.2, 430.1.2.0 y anteriores no autentica las peticiones correctamente. Su explotaci\u00f3n exitosa podr\u00eda provocar que se cambie la configuraci\u00f3n de Media Streaming y que se fugue informaci\u00f3n sensible del NAS de QNAP."}], "lastModified": "2024-11-21T03:32:20.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF3F2E18-39EA-416E-8351-88D492F10423", "versionEndIncluding": "430.1.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12C164C9-CD35-48D5-9856-0CEC646E63C6", "versionEndIncluding": "421.1.0.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "939BC735-3214-4222-91A7-F24A8B66B218", "versionEndIncluding": "4.2.6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@qnapsecurity.com.tw"}