search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

QNAP QTS path traversal vulnerability

Vulnerability Note VU#487078

Original Release Date: 2014-01-08 | Last Revised: 2014-01-08

Overview

QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability.

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2013-7174

QNAP QTS is a Network-Attached Storage (NAS) system accessible via a web interface. QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability via the cgi-bin/jc.cgi CGI script. The script accepts an "f" parameter which takes an unrestricted file path as input.

Impact

A remote unauthenticated attacker could obtain sensitive information.

Solution

Apply an Update

QNAP advises users to upgrade to QTS version 4.1.0. In addition, the following workaround is available:

Restrict Access

Enable firewall rules to restrict access to port 80/tcp from external untrusted sources.

Vendor Information

487078
 
Expand all

QNAP Security Affected

Notified:  November 07, 2013 Updated: January 08, 2014

Status

Affected

Vendor Statement

QNAP advises users to upgrade to QTS version 4.1.0.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N
Temporal 6.4 E:F/RL:OF/RC:C
Environmental 1.7 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to the reporter that wishes to remain anonymous.

This document was written by Todd Lewellen.

Other Information

CVE IDs: CVE-2013-7174
Date Public: 2014-01-08
Date First Published: 2014-01-08
Date Last Updated: 2014-01-08 16:46 UTC
Document Revision: 16

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis