Search criteria
1 vulnerability found for ts-212p by qnap
VAR-201708-0874
Vulnerability from variot - Updated: 2025-04-20 23:35Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station. QNAP TS-212P Device firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QNAPTS212Pdevices is a NAS storage device from QNAP Systems. SurveillanceStationcomponent is one of the image management components. A security vulnerability exists in the SurveillanceStation component of the QNAPTS212P device using firmware version 4.2.1build20160601. An attacker could exploit this vulnerability to access all functions. QNAP Surveillance Station is prone to an authentication-bypass vulnerability. Attackers may exploit this issue to gain unauthorized access or bypass intended security restrictions. Qnap TS212P Firmware 4.2.1 build 20160601 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0874",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-212p",
"scope": "eq",
"trust": 1.6,
"vendor": "qnap",
"version": "4.2.1"
},
{
"model": "ts-212p",
"scope": "eq",
"trust": 0.8,
"vendor": "qnap",
"version": "4.2.1 build 20160601"
},
{
"model": "systems ts212p build",
"scope": "eq",
"trust": 0.6,
"vendor": "qnap",
"version": "4.2.120160601"
},
{
"model": "ts212p build",
"scope": "eq",
"trust": 0.3,
"vendor": "qnap",
"version": "4.2.120160601"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"db": "BID",
"id": "100884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-169"
},
{
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qnap:ts-212p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyaw Thiha",
"sources": [
{
"db": "BID",
"id": "100884"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12582",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12582",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-30008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-103119",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12582",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12582",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-12582",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-30008",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-169",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-103119",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"db": "VULHUB",
"id": "VHN-103119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-169"
},
{
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station. QNAP TS-212P Device firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QNAPTS212Pdevices is a NAS storage device from QNAP Systems. SurveillanceStationcomponent is one of the image management components. A security vulnerability exists in the SurveillanceStation component of the QNAPTS212P device using firmware version 4.2.1build20160601. An attacker could exploit this vulnerability to access all functions. QNAP Surveillance Station is prone to an authentication-bypass vulnerability. \nAttackers may exploit this issue to gain unauthorized access or bypass intended security restrictions. \nQnap TS212P Firmware 4.2.1 build 20160601 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12582"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"db": "BID",
"id": "100884"
},
{
"db": "VULHUB",
"id": "VHN-103119"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12582",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-169",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-30008",
"trust": 0.6
},
{
"db": "BID",
"id": "100884",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-103119",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"db": "VULHUB",
"id": "VHN-103119"
},
{
"db": "BID",
"id": "100884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-169"
},
{
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"id": "VAR-201708-0874",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"db": "VULHUB",
"id": "VHN-103119"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30008"
}
]
},
"last_update_date": "2025-04-20T23:35:47.484000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TS-212P",
"trust": 0.8,
"url": "https://www.qnap.com/en-us/product/model.php?II=117"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kth.ninja/2017/08/qnap-surveillance-station.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12582"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12582"
},
{
"trust": 0.3,
"url": "https://www.qnap.com/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"db": "VULHUB",
"id": "VHN-103119"
},
{
"db": "BID",
"id": "100884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-169"
},
{
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"db": "VULHUB",
"id": "VHN-103119"
},
{
"db": "BID",
"id": "100884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-169"
},
{
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"date": "2017-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-103119"
},
{
"date": "2017-08-18T00:00:00",
"db": "BID",
"id": "100884"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"date": "2017-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-169"
},
{
"date": "2017-08-18T16:29:00.373000",
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30008"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-103119"
},
{
"date": "2017-08-18T00:00:00",
"db": "BID",
"id": "100884"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007247"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-169"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "QNAP TS-212P Vulnerabilities related to authorization, authority, and access control in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007247"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-169"
}
],
"trust": 0.6
}
}