Q-Free: >> Maxtime Security Vulnerabilities
A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-02-12
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-02-12
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-12
Page 5