CVE-2020-2506

Published: Feb 3, 2021Modified: Oct 27, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Affected (1)

Products: Qnap: Helpdesk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qnap Helpdesk	Before 3.0.3

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2506

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.