Vulnerability Details CVE-2017-7638
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.4
References
Products affected by CVE-2017-7638
-
cpe:2.3:a:qnap:media_streaming_add-on:-
-
cpe:2.3:a:qnap:media_streaming_add-on:1.1.2
-
cpe:2.3:a:qnap:media_streaming_add-on:1.1.3
-
cpe:2.3:a:qnap:media_streaming_add-on:420.0.1.4
-
cpe:2.3:a:qnap:media_streaming_add-on:421.0.1.0
-
cpe:2.3:a:qnap:media_streaming_add-on:421.0.1.2
-
cpe:2.3:a:qnap:media_streaming_add-on:421.1.0.1
-
cpe:2.3:a:qnap:media_streaming_add-on:421.1.0.2
-
cpe:2.3:a:qnap:media_streaming_add-on:421.1.0.3
-
cpe:2.3:a:qnap:media_streaming_add-on:421.1.1.1
-
cpe:2.3:a:qnap:media_streaming_add-on:421.1.2.0
-
cpe:2.3:a:qnap:media_streaming_add-on:421.1.2.1
-
cpe:2.3:a:qnap:media_streaming_add-on:430.1.0.2
-
cpe:2.3:a:qnap:media_streaming_add-on:430.1.0.3
-
cpe:2.3:a:qnap:media_streaming_add-on:430.1.1.0
-
cpe:2.3:a:qnap:media_streaming_add-on:430.1.2.0
-
cpe:2.3:o:qnap:qts:-
-
cpe:2.3:o:qnap:qts:4.0
-
cpe:2.3:o:qnap:qts:4.0.3
-
cpe:2.3:o:qnap:qts:4.1.0
-
cpe:2.3:o:qnap:qts:4.1.1
-
cpe:2.3:o:qnap:qts:4.1.4
-
cpe:2.3:o:qnap:qts:4.2.0
-
cpe:2.3:o:qnap:qts:4.2.1
-
cpe:2.3:o:qnap:qts:4.2.2
-
cpe:2.3:o:qnap:qts:4.2.3
-
cpe:2.3:o:qnap:qts:4.2.4
-
cpe:2.3:o:qnap:qts:4.2.6
-
cpe:2.3:o:qnap:qts:4.3.3