Qes
CVE-2020-2504
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
AnalysisAI
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Affected products include: Qnap Qes.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A hard-coded password vulnerability has been reported to affect earlier versions of QES. Rated high severity (CVSS 7.2),
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in Fi
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. R
Same weakness CWE-20 – Improper Input Validation
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today