Vulnerability Description
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Ts-469U Firmware | 4.0.7 |
| Qnap | Ts-469U | - |
| Qnap | Ts-Ec1679U-Rp Firmware | 4.0.7 |
| Qnap | Ts-Ec1679U-Rp | - |
| Qnap | Ts-459U Firmware | 4.0.7 |
| Qnap | Ts-459U | - |
| Qnap | Ss-839 Firmware | 4.0.7 |
| Qnap | Ss-839 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Jul/57
- http://seclists.org/fulldisclosure/2014/Jul/58
- http://seclists.org/fulldisclosure/2014/Jul/59
- http://seclists.org/fulldisclosure/2014/Jul/61
- http://seclists.org/fulldisclosure/2014/Jul/57
- http://seclists.org/fulldisclosure/2014/Jul/58
- http://seclists.org/fulldisclosure/2014/Jul/59
- http://seclists.org/fulldisclosure/2014/Jul/61
FAQ
What is CVE-2014-5457?
CVE-2014-5457 is a vulnerability with a CVSS score of 2.1 (LOW). QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passw...
How severe is CVE-2014-5457?
CVE-2014-5457 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5457?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Ts-469U Firmware, Qnap Ts-469U, Qnap Ts-Ec1679U-Rp Firmware, Qnap Ts-Ec1679U-Rp, Qnap Ts-459U Firmware.