CVE-2020-2506

HIGH KEV

Qnap Helpdesk < 3.0.3 - Improper Access Control

Title source: rule

Description

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

References (2)

[Vendor Advisory] https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2506

Scores

CVSS v3 7.3

EPSS 0.1799

EPSS Percentile 95.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CISA KEV 2022-03-25

VulnCheck KEV 2021-03-05

InTheWild.io 2021-03-02

ENISA EUVD EUVD-2020-22299

CWE

CWE-284

Status published

Products (1)

qnap/helpdesk < 3.0.3

Published Feb 03, 2021

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026