CVE-2009-3279

Exploit

EPSS 0.06%
Published 21.09.2009 19:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Qnap ≫ Ts-239 Pro Turbo Nas Version2.1.7_0613

Qnap ≫ Ts-239 Pro Turbo Nas Version3.1.0_0627

Qnap ≫ Ts-239 Pro Turbo Nas Version3.1.1_0815

Qnap ≫ Ts-639 Pro Turbo Nas Version2.1.7_0613

Qnap ≫ Ts-639 Pro Turbo Nas Version3.1.0_0627

Qnap ≫ Ts-639 Pro Turbo Nas Version3.1.1_0815

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.161

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:C/I:N/A:N

http://secunia.com/advisories/36793

http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt

Exploit

http://www.securityfocus.com/archive/1/506607/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2009-3279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3279

EUVD