← Back

CVE-2009-3200

nvd nist
Published: Sep 21, 2009Modified: Apr 23, 2026

JSON object

Loading...
5.9
Vector
AV:L/AC:M/Au:N/C:C/I:P/A:P
Exploitability: 3.4 / Impact: 8.5
Source: NVD

Description

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.

Affected (6)

Qnap
2 products
Ts 239 Pro Turbo Nas
Ts 639 Pro Turbo Nas
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Ts 239 Pro Turbo Nas
Version 2.1.7_0613
Ts 239 Pro Turbo Nas
Version 3.1.0_0627
Ts 239 Pro Turbo Nas
Version 3.1.1_0815
Qnap
Ts 639 Pro Turbo Nas
Version 2.1.7_0613
Ts 639 Pro Turbo Nas
Version 3.1.0_0627
Ts 639 Pro Turbo Nas
Version 3.1.1_0815

Related CWEs

CWE-310
CWE-310

References (16)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.