CVE-2018-0706

Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qnapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
qnapq\'center
𝑥
≤ 1.7.1063
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
http://seclists.org/fulldisclosure/2018/Jul/45
https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
https://www.exploit-db.com/exploits/45015/
https://www.exploit-db.com/exploits/45043/
https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
https://www.securityfocus.com/archive/1/542141/100/0/threaded
http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
http://seclists.org/fulldisclosure/2018/Jul/45
https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
https://www.exploit-db.com/exploits/45015/
https://www.exploit-db.com/exploits/45043/
https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
https://www.securityfocus.com/archive/1/542141/100/0/threaded