CVE-2017-12582

Name of the Vulnerable Software and Affected Versions QNAP TS212P firmware 4.2.1 build 20160601

Description The issue concerns the Surveillance Station component in QNAP TS212P devices, where an unprivileged user can access all functions. Although the unprivileged user cannot log in through the front end, they can still access all functions in the Surveillance Station using their SID. This is related to insufficient access control to the device's functional capabilities, which could allow a remote attacker to gain unauthorized access and execute arbitrary commands.

Recommendations For QNAP TS212P firmware 4.2.1 build 20160601, consider restricting access to the Surveillance Station component until a fix is available. As a temporary workaround, limit the use of unprivileged user accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.