CVE-2015-7261
CRITICAL EXPLOITED
QNAP iArtist Lite < 1.4.54 and Signage Station < 2.0.1 - Unauthenticated FTP Access via Hardcoded Credentials
Title source: llm
Exploitation Summary
CVE-2015-7261 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.
References (1)
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/444472
Scores
CVSS v3
9.8
EPSS
0.0025
EPSS Percentile
48.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2018-07-13
CWE
CWE-255
Status
published
Products (2)
qnap/iartist_lite
< 1.4.53.1
qnap/signage_station
< 2.0
Published
Feb 27, 2016
Tracked Since
Feb 18, 2026