CVE-2017-7638
MEDIUMQNAP Media Streaming add-on <= 430.1.2.0 - Improper Authentication
Title source: llmDescription
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qnap.com/zh-tw/security-advisory/nas-201803-08
Scores
CVSS v3
6.5
EPSS
0.0019
EPSS Percentile
40.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (1)
qnap/media_streaming_add-on
< 430.1.2.0
Published
Mar 08, 2018
Tracked Since
Feb 18, 2026