ID de Prueba:	1.3.6.1.4.1.25623.1.0.103732
Categoría:	Web application abuses
Título:	Qnap Multiple Vulnerabilities
Resumen:	QNAP VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP; NAS contains multiple vulnerabilities.
Descripción:	Summary: QNAP VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS contains multiple vulnerabilities. Vulnerability Insight: The following flaws exist: 1. Improper Access Control VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS with the Surveillance Station Pro activated contains a hardcoded guest account and password which can be leveraged to login to the webserver. It has been reported that it is not possible to view or administer the guest account using the web interface. 2. Cross-Site Request Forgery (CSRF). VioStor NVR firmware version 4.0.3 and possibly earlier versions contains a cross-site request forgery vulnerability could allow an attacker to add a new administrative account to the server by tricking an administrator to click on a malicious link while they are currently logged into the webserver. Solution: Updates are available. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0142 CERT/CC vulnerability note: VU#927644 http://www.kb.cert.org/vuls/id/927644 Common Vulnerability Exposure (CVE) ID: CVE-2013-0144
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.