CVE-2020-2504

MEDIUM

Qnap Qes < 2.1.1 - Path Traversal

Title source: rule

Description

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

References (1)

[Vendor Advisory] https://www.qnap.com/zh-tw/security-advisory/qsa-20-17

Scores

CVSS v3 5.8

EPSS 0.0035

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Classification

CWE

CWE-22 CWE-284 CWE-20 CWE-73

Status published

Affected Products (8)

qnap/qes < 2.1.1

qnap/qes

Timeline

Published Dec 24, 2020

Tracked Since Feb 18, 2026