CVE-2013-5760

EUVD-2013-5596
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
qnapphoto_station_firmware
𝑥
≤ 4.0.3
qnapphoto_station
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/89117
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-029.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/89117
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-029.txt