Vulnerability Details CVE-2014-5457
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.3%
CVSS Severity
CVSS v2 Score 2.1
References
- http://seclists.org/fulldisclosure/2014/Jul/57
- http://seclists.org/fulldisclosure/2014/Jul/58
- http://seclists.org/fulldisclosure/2014/Jul/59
- http://seclists.org/fulldisclosure/2014/Jul/61
- http://seclists.org/fulldisclosure/2014/Jul/57
- http://seclists.org/fulldisclosure/2014/Jul/58
- http://seclists.org/fulldisclosure/2014/Jul/59
- http://seclists.org/fulldisclosure/2014/Jul/61
Products affected by CVE-2014-5457
-
cpe:2.3:h:qnap:ss-839:-
-
cpe:2.3:h:qnap:ts-459u:-
-
cpe:2.3:h:qnap:ts-469u:-
-
cpe:2.3:h:qnap:ts-ec1679u-rp:-
-
cpe:2.3:o:qnap:ss-839_firmware:4.0.7
-
cpe:2.3:o:qnap:ts-459u_firmware:4.0.7
-
cpe:2.3:o:qnap:ts-469u_firmware:4.0.7
-
cpe:2.3:o:qnap:ts-ec1679u-rp_firmware:4.0.7