2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.
CPE | Name | Operator | Version |
---|---|---|---|
qnap:ts-469u_firmware | qnap ts-469u firmware | eq | 4.0.7 |
qnap:ts-469u | qnap ts-469u | eq | - |