Qnap » Ts-639 Pro Turbo Nas » 2.1.7_0613 : Security Vulnerabilities, CVEs, CVSS score >= 4

cpe:2.3:h:qnap:ts-639_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*

CVE-2009-3279

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-09-21
Updated
2018-10-10

CVE-2009-3200

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.
Max CVSS
5.9
EPSS Score
0.04%
Published
2009-09-21
Updated
2018-10-10
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close