CVE-2020-2505

EUVD-2020-22298
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.3 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
qnapCNA
2.3 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
qnapqes
𝑥
< 2.1.1
qnapqes
2.1.1
qnapqes
2.1.1:build_20200211
qnapqes
2.1.1:build_20200303
qnapqes
2.1.1:build_20200319
qnapqes
2.1.1:build_20200424
qnapqes
2.1.1:build_20200515
qnapqes
2.1.1:build_20200811
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/zh-tw/security-advisory/qsa-20-17
https://www.qnap.com/zh-tw/security-advisory/qsa-20-17