Search criteria
14 vulnerabilities found for nas_proxy_server by qnap
CVE-2021-34360 (GCVE-0-2021-34360)
Vulnerability from nvd – Published: 2022-05-26 07:20 – Updated: 2024-09-16 19:56
VLAI?
Title
CSRF Bypass in Proxy Server
Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Tony Martin, a security researcher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTS hero h5.0.0"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.3 ( 2022/01/18 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTScloud c4.5.6"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T07:20:09",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
},
"title": "CSRF Bypass in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-05-26T14:43:00.000Z",
"ID": "CVE-2021-34360",
"STATE": "PUBLIC",
"TITLE": "CSRF Bypass in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
},
{
"platform": "QuTS hero h5.0.0",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.3 ( 2022/01/18 )"
},
{
"platform": "QuTScloud c4.5.6",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-18",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34360",
"datePublished": "2022-05-26T07:20:10.040731Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-16T19:56:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34361 (GCVE-0-2021-34361)
Vulnerability from nvd – Published: 2022-02-25 06:10 – Updated: 2024-09-16 17:49
VLAI?
Title
Reflected XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Credits
Tony Martin, a security researcher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:12",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T22:38:00.000Z",
"ID": "CVE-2021-34361",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34361",
"datePublished": "2022-02-25T06:10:12.550975Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-16T17:49:13.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34359 (GCVE-0-2021-34359)
Vulnerability from nvd – Published: 2022-02-25 06:10 – Updated: 2024-09-17 01:12
VLAI?
Title
Stored XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity ?
6.9 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Credits
Tony Martin, a security researcher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:10",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T23:01:00.000Z",
"ID": "CVE-2021-34359",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34359",
"datePublished": "2022-02-25T06:10:10.788122Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-17T01:12:01.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7639 (GCVE-0-2017-7639)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7639",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7637 (GCVE-0-2017-7637)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7637",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7636 (GCVE-0-2017-7636)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7636",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7635 (GCVE-0-2017-7635)
Vulnerability from nvd – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7635",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34360 (GCVE-0-2021-34360)
Vulnerability from cvelistv5 – Published: 2022-05-26 07:20 – Updated: 2024-09-16 19:56
VLAI?
Title
CSRF Bypass in Proxy Server
Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Tony Martin, a security researcher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTS hero h5.0.0"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.3 ( 2022/01/18 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTScloud c4.5.6"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T07:20:09",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
},
"title": "CSRF Bypass in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-05-26T14:43:00.000Z",
"ID": "CVE-2021-34360",
"STATE": "PUBLIC",
"TITLE": "CSRF Bypass in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
},
{
"platform": "QuTS hero h5.0.0",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.3 ( 2022/01/18 )"
},
{
"platform": "QuTScloud c4.5.6",
"version_affected": "\u003c",
"version_begin": "1.4.*",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-18",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-18"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-18",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34360",
"datePublished": "2022-05-26T07:20:10.040731Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-16T19:56:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34361 (GCVE-0-2021-34361)
Vulnerability from cvelistv5 – Published: 2022-02-25 06:10 – Updated: 2024-09-16 17:49
VLAI?
Title
Reflected XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Credits
Tony Martin, a security researcher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:12",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T22:38:00.000Z",
"ID": "CVE-2021-34361",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34361",
"datePublished": "2022-02-25T06:10:12.550975Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-16T17:49:13.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34359 (GCVE-0-2021-34359)
Vulnerability from cvelistv5 – Published: 2022-02-25 06:10 – Updated: 2024-09-17 01:12
VLAI?
Title
Stored XSS Vulnerability in Proxy Server
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity ?
6.9 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QNAP Systems Inc. | Proxy Server |
Affected:
unspecified , < 1.4.2 ( 2021/12/30 )
(custom)
|
Credits
Tony Martin, a security researcher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.x"
],
"product": "Proxy Server",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 ( 2021/12/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2022-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T06:10:10",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Vulnerability in Proxy Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-02-24T23:01:00.000Z",
"ID": "CVE-2021-34359",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Vulnerability in Proxy Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxy Server",
"version": {
"version_data": [
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "1.4.2 ( 2021/12/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-04",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
}
],
"source": {
"advisory": "QSA-22-04",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34359",
"datePublished": "2022-02-25T06:10:10.788122Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-17T01:12:01.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7637 (GCVE-0-2017-7637)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7637",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7636 (GCVE-0-2017-7636)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7636",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7639 (GCVE-0-2017-7639)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7639",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7635 (GCVE-0-2017-7635)
Vulnerability from cvelistv5 – Published: 2018-06-05 21:00 – Updated: 2024-08-05 16:12
VLAI?
Summary
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7635",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}