PT-2020-5349 · Qnap · Qes

Lodestone Security

Published

2020-12-23

Updated

2020-12-28

CVE-2020-2499

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QES versions prior to 2.1.1 Build 20200515

Description A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password and potentially elevate their privileges to execute arbitrary code.

Recommendations For versions prior to 2.1.1 Build 20200515, update to QES 2.1.1 Build 20200515 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-259CWE-798CWE-522

Related Identifiers

BDU:2021-00190

CVE-2020-2499

Affected Products

Qes

PT-2020-5349 · Qnap · Qes

CVE-2020-2499

Weakness Enumeration

Related Identifiers

Affected Products

References · 7