Lucene search

[email protected]CVE-2008-1431

HistoryMar 20, 2008 - 6:44 p.m.

CVE-2008-1431

2008-03-2018:44:00

CWE-310

[email protected]

web.nvd.nist.gov

raidsonic

nas-4220-b

firmware

encryption

key

vulnerability

nvd

cve-2008-1431

6.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.

Affected configurations

NVD

Node

raidsonic_technologyfirmwareMatch2.6.0-n

AND

raidsonic_technologynas-4220-bMatch2.6.0-n

CPENameOperatorVersion
raidsonic_technology:firmwareraidsonic technology firmwareeq2.6.0-n

CPE	Name	Operator	Version
raidsonic_technology:firmware	raidsonic technology firmware	eq	2.6.0-n

References

secunia.com/advisories/29401

securityreason.com/securityalert/3760

www.securityfocus.com/archive/1/489690/100/0/threaded

www.securityfocus.com/bid/28264

6.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-1431

cvelist1 prion1 nvd1