CVE-2018-0706

EUVD-2018-1516
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
qnapq\'center
𝑥
≤ 1.7.1063
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
http://seclists.org/fulldisclosure/2018/Jul/45
https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
https://www.exploit-db.com/exploits/45015/
https://www.exploit-db.com/exploits/45043/
https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
https://www.securityfocus.com/archive/1/542141/100/0/threaded
http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
http://seclists.org/fulldisclosure/2018/Jul/45
https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
https://www.exploit-db.com/exploits/45015/
https://www.exploit-db.com/exploits/45043/
https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
https://www.securityfocus.com/archive/1/542141/100/0/threaded