CVE-2017-12582

Published: Aug 18, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.

Affected (1)

Products: Qnap: Ts 212p Firmware

1 product

Ts 212p Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qnap Ts 212p Firmware	Version 4.2.1

Running on/with	Platform Versions
Qnap Ts 212p	All versions

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

http://www.kth.ninja/2017/08/qnap-surveillance-station.html

Source: cve@mitre.org

Third Party Advisory

http://www.kth.ninja/2017/08/qnap-surveillance-station.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.