QNAP QTS 4.2.x multiple vulnerabilities

Posted by Harry Sintonen on Feb 15

QNAP QTS 4.2.x multiple vulnerabilities
=======================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/qnap-qts-42-multiple-vulnerabilities.txt

Overview
——–

QNAP QTS firmware contain Missing Transport Layer Security (CWE-319),
Improper Certificate Validation (CWE-295), Command Injection (CWE-77),
Cross-Site Scripting (CWE-79) and Information Exposure (CWE-200)
vulnerabilities…

Source: Full Disclosure @ February 16, 2017 at 12:50AM

0
Share