CVE-2013-7174

QNAP QTS < 4.1.0 - Path Traversal via cgi-bin/jc.cgi f Parameter

Title source: llm
STIX 2.1

Description

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/487078
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64719
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029577

Scores

EPSS 0.0139
EPSS Percentile 80.6%

Details

CWE
CWE-22
Status published
Products (2)
qnap/qts 4.0
qnap/qts < 4.0.3
Published Jan 09, 2014
Tracked Since Feb 18, 2026