Vulnerability Details CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.624
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
- http://seclists.org/fulldisclosure/2018/Jul/45
- https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/45015/
- https://www.exploit-db.com/exploits/45043/
- https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
- https://www.securityfocus.com/archive/1/542141/100/0/threaded
- http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
- http://seclists.org/fulldisclosure/2018/Jul/45
- https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/45015/
- https://www.exploit-db.com/exploits/45043/
- https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
- https://www.securityfocus.com/archive/1/542141/100/0/threaded
Products affected by CVE-2018-0706
-
cpe:2.3:a:qnap:q'center:1.1.15
-
cpe:2.3:a:qnap:q'center:1.1.17
-
cpe:2.3:a:qnap:q'center:1.1.25
-
cpe:2.3:a:qnap:q'center:1.2.101
-
cpe:2.3:a:qnap:q'center:1.3.503
-
cpe:2.3:a:qnap:q'center:1.4.16
-
cpe:2.3:a:qnap:q'center:1.4.519
-
cpe:2.3:a:qnap:q'center:1.5.607
-
cpe:2.3:a:qnap:q'center:1.6.1056
-
cpe:2.3:a:qnap:q'center:1.6.1075
-
cpe:2.3:a:qnap:q'center:1.7.1063