CVE-2014-5457

QNAP TS-469U, TS-459U, TS-EC1679U-RP, and SS-839 - Unprotected Credential Exposure via World-Readable Shadow File

Title source: llm
STIX 2.1

Description

QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/57
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/58
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/61
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/59

Scores

EPSS 0.0005
EPSS Percentile 16.5%

Details

CWE
CWE-264
Status published
Products (8)
qnap/ss-839
qnap/ss-839_firmware 4.0.7
qnap/ts-459u
qnap/ts-459u_firmware 4.0.7
qnap/ts-469u
qnap/ts-469u_firmware 4.0.7
qnap/ts-ec1679u-rp
qnap/ts-ec1679u-rp_firmware 4.0.7
Published Aug 25, 2014
Tracked Since Feb 18, 2026