Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-5457
cve-2014-5457
qnap
firmware
security vulnerability
local user
password disclosure
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.
Affected configurations
Node
qnapts-469u_firmwareMatch4.0.7
qnapts-469uMatch-
Node
qnapts-ec1679u-rp_firmwareMatch4.0.7
qnapts-ec1679u-rpMatch-
Node
qnapts-459u_firmwareMatch4.0.7
qnapts-459uMatch-
Node
qnapss-839_firmwareMatch4.0.7
qnapss-839Match-
| CPE | Name | Operator | Version |
|---|---|---|---|
| qnap:ts-469u_firmware | qnap ts-469u firmware | eq | 4.0.7 |
| qnap:ts-469u | qnap ts-469u | eq | - |
Related
nvd
nvd
CVE-2014-5457
2014-08-25 16:55:05
prion
prion
Default credentials
2014-08-25 16:55:00
cvelist
cvelist
CVE-2014-5457
2022-10-03 16:20:43
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-5457