Description
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
None
Affected products
- QNAP Systems Inc. / QESunspecified – 2.1.1