Path Traversal in QNAP QTS

CVE-2013-7174

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.014 (80.7th percentile)

Affected products

  • QNAP QTS — versions 4.0

Weakness classification (CWE)

References

  • CERT-VN VU#487078 (third-party advisory, US Government Resource)
  • BID 64719 (vulnerability database entry)
  • SECTRACK 1029577 (vulnerability database entry)