Description
QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/444472
Scores
CVSS v3
7.5
EPSS
0.0030
EPSS Percentile
53.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
qnap/sinage_station
2.0.0
Published
Feb 27, 2016
Tracked Since
Feb 18, 2026