ID

VAR-201803-1497


CVE

CVE-2017-7631


TITLE

QNAP Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-08758 // CNNVD: CNNVD-201704-461

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. QNAP QTS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. QNAPS is a network storage device from QNAP Systems, used by home, SOHO, and SMB users. FileStation is one of the file management applications. A cross-site scripting vulnerability exists in the shared link feature of FileStation in QNAP 4.2.6 build 20171026 and earlier and 4.3.3 build 20170727 and earlier.

Trust: 2.16

sources: NVD: CVE-2017-7631 // JVNDB: JVNDB-2017-013000 // CNVD: CNVD-2018-08758

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08758

AFFECTED PRODUCTS

vendor: qnap, model: qts, scope: eq, version: 4.2.6

Trust: 1.6

vendor: qnap, model: qts, scope: eq, version: 4.3.3

Trust: 1.6

vendor: qnap, model: qts, scope: lte, version: 4.2.6 build 20171026

Trust: 0.8

vendor: qnap, model: qts, scope: lte, version: 4.3.3 build 20170727

Trust: 0.8

vendor: qnap, model: systems qnaps build, scope: lte, version: <=4.2.620171026

Trust: 0.6

vendor: qnap, model: systems qnaps build, scope: lte, version: <=4.3.320170727

Trust: 0.6

sources: CNVD: CNVD-2018-08758 // JVNDB: JVNDB-2017-013000 // CNNVD: CNNVD-201704-461 // NVD: CVE-2017-7631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7631
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7631
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08758
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-461
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-7631
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08758
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-7631
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08758 // JVNDB: JVNDB-2017-013000 // CNNVD: CNNVD-201704-461 // NVD: CVE-2017-7631

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-013000 // NVD: CVE-2017-7631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-461

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201704-461

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013000

PATCH

title: NAS-201803-23, url: https://www.qnap.com/zh-tw/security-advisory/nas-201803-23

Trust: 0.8

title: Patch for QNAP Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/127869

Trust: 0.6

sources: CNVD: CNVD-2018-08758 // JVNDB: JVNDB-2017-013000

EXTERNAL IDS

db: NVD, id: CVE-2017-7631

Trust: 3.0

db: JVNDB, id: JVNDB-2017-013000

Trust: 0.8

db: CNVD, id: CNVD-2018-08758

Trust: 0.6

db: CNNVD, id: CNNVD-201704-461

Trust: 0.6

sources: CNVD: CNVD-2018-08758 // JVNDB: JVNDB-2017-013000 // CNNVD: CNNVD-201704-461 // NVD: CVE-2017-7631

REFERENCES

url: https://www.qnap.com/zh-tw/security-advisory/nas-201803-23

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7631

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-7631

Trust: 0.8

sources: CNVD: CNVD-2018-08758 // JVNDB: JVNDB-2017-013000 // CNNVD: CNNVD-201704-461 // NVD: CVE-2017-7631

SOURCES

db: CNVD, id: CNVD-2018-08758
db: JVNDB, id: JVNDB-2017-013000
db: CNNVD, id: CNNVD-201704-461
db: NVD, id: CVE-2017-7631

LAST UPDATE DATE

2024-11-23T22:38:15.129000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-08758, date: 2018-05-03T00:00:00
db: JVNDB, id: JVNDB-2017-013000, date: 2018-05-17T00:00:00
db: CNNVD, id: CNNVD-201704-461, date: 2018-03-28T00:00:00
db: NVD, id: CVE-2017-7631, date: 2024-11-21T03:32:20.060

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-08758, date: 2018-05-03T00:00:00
db: JVNDB, id: JVNDB-2017-013000, date: 2018-05-17T00:00:00
db: CNNVD, id: CNNVD-201704-461, date: 2017-04-11T00:00:00
db: NVD, id: CVE-2017-7631, date: 2018-03-27T21:29:00.500