CVE-2017-12582

EUVD-2017-4153
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
qnapts-212p_firmware
4.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kth.ninja/2017/08/qnap-surveillance-station.html
http://www.kth.ninja/2017/08/qnap-surveillance-station.html