Description
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/751328
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033794
Vendor Advisory x_refsource_confirm
https://www.qnap.com/i/en/support/con_show.php?cid=85
Scores
EPSS
0.0114
EPSS Percentile
78.7%
Details
CWE
CWE-22
Status
published
Products (2)
qnap/qts
< 4.1.4
qnap/qts
< 4.2.0
Published
Oct 16, 2015
Tracked Since
Feb 18, 2026