CVE-2009-3279

Name of the Vulnerable Software and Affected Versions QNAP TS-239 Pro and TS-639 Pro versions 2.1.7 0613, 3.1.0 0627, 3.1.1 0815

Description The issue allows local users to obtain sensitive information via a watermark attack because the firmware creates a LUKS partition using the AES-256 cipher in plain CBC mode.

Recommendations For versions 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815, consider updating the firmware to a version that uses a secure cipher mode, such as GCM or EAX, to mitigate the risk of a watermark attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.