Lucene search

K
cveMitreCVE-2009-3200
HistorySep 21, 2009 - 7:30 p.m.

CVE-2009-3200

2009-09-2119:30:00
CWE-310
mitre
web.nvd.nist.gov
32
cve-2009-3200
qnap
ts-239 pro
ts-639 pro
firmware vulnerability
local users
passphrase bypass
hard drive decryption
security
nvd

CVSS2

5.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:C/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

5.1%

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.

Affected configurations

Nvd
Node
qnapts-239_pro_turbo_nasMatch2.1.7_0613
OR
qnapts-239_pro_turbo_nasMatch3.1.0_0627
OR
qnapts-239_pro_turbo_nasMatch3.1.1_0815
OR
qnapts-639_pro_turbo_nasMatch2.1.7_0613
OR
qnapts-639_pro_turbo_nasMatch3.1.0_0627
OR
qnapts-639_pro_turbo_nasMatch3.1.1_0815
VendorProductVersionCPE
qnapts-239_pro_turbo_nas2.1.7_0613cpe:2.3:h:qnap:ts-239_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*
qnapts-239_pro_turbo_nas3.1.0_0627cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*
qnapts-239_pro_turbo_nas3.1.1_0815cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*
qnapts-639_pro_turbo_nas2.1.7_0613cpe:2.3:h:qnap:ts-639_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*
qnapts-639_pro_turbo_nas3.1.0_0627cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*
qnapts-639_pro_turbo_nas3.1.1_0815cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*

CVSS2

5.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:C/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

5.1%