CVE-2017-7629

HIGH

QNAP QTS < 4.2.6 - Weak Password Recovery Mechanism

Title source: llm
STIX 2.1

Description

QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.qnap.com/en-us/releasenotes/

Scores

CVSS v3 7.5
EPSS 0.0094
EPSS Percentile 56.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-640
Status published
Products (1)
qnap/qts < 4.2.6
Published Jun 15, 2017
Tracked Since Feb 18, 2026