QNAP Ts-239 Pro Turbo Nas 3.1.1 0815 Partition cryptographic issue
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in QNAP Ts-239 Pro Turbo Nas 3.1.1 0815. Impacted is an unknown function of the component Partition. This manipulation causes cryptographic issue. This vulnerability appears as CVE-2009-3279. There is no available exploit.
Details
A vulnerability has been found in QNAP Ts-239 Pro Turbo Nas 3.1.1 0815 and classified as critical. Affected by this vulnerability is some unknown functionality of the component Partition. The manipulation with an unknown input leads to a cryptographic issue vulnerability. The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect confidentiality. The summary by CVE is:
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.
The weakness was presented 09/21/2009 as not defined posting (Bugtraq). It is possible to read the advisory at securityfocus.com. This vulnerability is known as CVE-2009-3279 since 09/21/2009. The exploitation appears to be easy. Attacking locally is a requirement. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at Secunia (SA36793†) and Vulnerability Center (SBV-47229†). See VDB-50142 and VDB-50134 for similar entries. Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.qnap.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.2VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.2
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cryptographic issueCWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
09/21/2009 🔍09/21/2009 🔍
09/21/2009 🔍
09/21/2009 🔍
09/21/2009 🔍
11/23/2014 🔍
03/18/2015 🔍
06/12/2017 🔍
Sources
Vendor: qnap.comAdvisory: securityfocus.com⛔
Status: Not defined
CVE: CVE-2009-3279 (🔍)
GCVE (CVE): GCVE-0-2009-3279
GCVE (VulDB): GCVE-100-50143
Secunia: 36793 - QNAP Devices Hard Disk Encryption Security Bypass, Less Critical
Vulnerability Center: 47229 - QNAP TS-239 Pro and TS-639 Pro Local Information Disclosure Vulnerability via a Watermark Attack, Low
See also: 🔍
Entry
Created: 03/18/2015 15:15Updated: 06/12/2017 08:39
Changes: 03/18/2015 15:15 (55), 06/12/2017 08:39 (3)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.