search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

QNAP QTS path traversal vulnerability

Vulnerability Note VU#487078

Original Release Date: 2014-01-08 | Last Revised: 2014-01-08

Overview

QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability.

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2013-7174

QNAP QTS is a Network-Attached Storage (NAS) system accessible via a web interface. QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability via the cgi-bin/jc.cgi CGI script. The script accepts an "f" parameter which takes an unrestricted file path as input.

Impact

A remote unauthenticated attacker could obtain sensitive information.

Solution

Apply an Update

QNAP advises users to upgrade to QTS version 4.1.0. In addition, the following workaround is available:

Restrict Access

Enable firewall rules to restrict access to port 80/tcp from external untrusted sources.

Vendor Information

487078
 
Expand all

CVSS Metrics

Group Score Vector
Base 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N
Temporal 6.4 E:F/RL:OF/RC:C
Environmental 1.7 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to the reporter that wishes to remain anonymous.

This document was written by Todd Lewellen.

Other Information

CVE IDs: CVE-2013-7174
Date Public: 2014-01-08
Date First Published: 2014-01-08
Date Last Updated: 2014-01-08 16:46 UTC
Document Revision: 16

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis