QNAP Photo Station up to 5.2.6/5.4.0 XMR Mining information disclosure

Summaryinfo

A vulnerability was found in QNAP Photo Station up to 5.2.6/5.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component XMR Mining. This manipulation causes an unknown weakness. The identification of this vulnerability is CVE-2017-20210. There is no exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic was found in QNAP Photo Station up to 5.2.6/5.4.0. Affected by this vulnerability is an unknown function of the component XMR Mining. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. The impact remains unknown. The summary by CVE is:

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.

The advisory is shared at qnap.com. This vulnerability is known as CVE-2017-20210 since 11/07/2025. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1592 for this issue.

Upgrading to version 5.2.7 or 5.4.1 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2017-18926). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• QNAP

Name

• Photo Station

Version

• 5.0
• 5.1
• 5.2
• 5.2.0
• 5.2.1
• 5.2.2
• 5.2.3
• 5.2.4
• 5.2.5
• 5.2.6
• 5.3
• 5.4.0

License

• commercial

Website

• Vendor: https://www.qnap.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion