5.9
CVE-2009-3200
- EPSS 0.4%
- Veröffentlicht 21.09.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qnap ≫ Ts-239 Pro Turbo Nas Version2.1.7_0613
Qnap ≫ Ts-239 Pro Turbo Nas Version3.1.0_0627
Qnap ≫ Ts-239 Pro Turbo Nas Version3.1.1_0815
Qnap ≫ Ts-639 Pro Turbo Nas Version2.1.7_0613
Qnap ≫ Ts-639 Pro Turbo Nas Version3.1.0_0627
Qnap ≫ Ts-639 Pro Turbo Nas Version3.1.1_0815
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.32 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 3.4 | 8.5 |
AV:L/AC:M/Au:N/C:C/I:P/A:P
|
http://forum.qnap.com/viewtopic.php?f=11&t=11214&start=20#p63346
http://forum.qnap.com/viewtopic.php?f=12&t=12104&start=10#p63341
http://secunia.com/advisories/36793
http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt
http://www.securityfocus.com/archive/1/506607/100/0/threaded
http://www.securityfocus.com/bid/36467
http://www.securitytracker.com/id?1022916
https://exchange.xforce.ibmcloud.com/vulnerabilities/53391