PT-2020-8652 · Qnap · Qnap Nas

Published

2020-12-31

Updated

2021-01-07

CVE-2018-19941

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: QNAP NAS versions prior to QTS 4.5.1.1456 build 20201015 QNAP NAS versions prior to QuTS hero h4.5.1.1472 build 20201031 QNAP NAS versions prior to QuTScloud c4.5.2.1379 build 20200730

Description: A vulnerability has been reported to affect QNAP NAS, allowing an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools.

Recommendations: For QNAP NAS versions prior to QTS 4.5.1.1456 build 20201015, update to QTS 4.5.1.1456 build 20201015 or later. For QNAP NAS versions prior to QuTS hero h4.5.1.1472 build 20201031, update to QuTS hero h4.5.1.1472 build 20201031 or later. For QNAP NAS versions prior to QuTScloud c4.5.2.1379 build 20200730, update to QuTScloud c4.5.2.1379 build 20200730 or later.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-315CWE-312

Related Identifiers

CVE-2018-19941

Affected Products

Qnap Nas

PT-2020-8652 · Qnap · Qnap Nas

CVE-2018-19941

Weakness Enumeration

Related Identifiers

Affected Products

References · 3