Lucene search

QnapCVELIST:CVE-2023-45038

HistorySep 06, 2024 - 4:26 p.m.

CVE-2023-45038 Music Station

2024-09-0616:26:59

CWE-287

qnap

www.cve.org

authentication

vulnerability

music station

network compromise

security

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.0%

JSON

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.

We have already fixed the vulnerability in the following version:
Music Station 5.4.0 and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.4.0",
        "status": "affected",
        "version": "5.4.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-25

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.0%

JSON

Related for CVELIST:CVE-2023-45038