Joerg Mertin

**Name of the Vulnerable Software and Affected Versions** QNAP TS-469U version 4.0.7 Build 20140410 QNAP TS-459U (affected versions not specified) QNAP TS-EC1679U-RP (affected versions not specified) QNAP SS-839 (affected versions not specified) **Description** The issue allows local users to obtain usernames and hashed passwords by reading the password file due to world-readable permissions for /etc/config/shadow. **Recommendations** For QNAP TS-469U version 4.0.7 Build 20140410, consider changing the permissions of /etc/config/shadow to restrict access. For QNAP TS-459U, TS-EC1679U-RP, and SS-839, at the moment, there is no information about a newer version that contains a fix for this vulnerability.