CVE-2009-3200

Name of the Vulnerable Software and Affected Versions QNAP TS-239 Pro versions 2.1.7 0613, 3.1.0 0627, 3.1.1 0815 QNAP TS-639 Pro versions 2.1.7 0613, 3.1.0 0627, 3.1.1 0815

Description The issue allows local users to bypass the passphrase requirement and decrypt the hard drive. This is achieved by reading the undocumented recovery key stored in the ENCK variable in flash memory, deobfuscating the key, and running a cryptsetup luksOpen command.

Recommendations For QNAP TS-239 Pro and TS-639 Pro versions 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815, consider restricting access to the flash memory to prevent unauthorized users from reading the ENCK variable. As a temporary workaround, limit local user privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.