CVE-2020-2499

High

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow…

qnap·CWE-259·Published 2020-12-24

CVSS

7.2

EPSS

0.01

KEV

Exploits

cve.orgen

253 chars

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

NVDen

253 chars

NVDes

304 chars

Se ha reportado de una vulnerabilidad de contraseña embebida que afecta a versiones anteriores de QES. Si es explotada, esta vulnerabilidad podría permitir a atacantes iniciar sesión con una contraseña embebida. QNAP ya ha corregido el problema en QES versión 2.1.1 Build 20200515 y posteriores

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H