CVE-2020-2504

Summary

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.QESunspecified < 2.1.1affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-73: CWE-73 External Control of File Name or Path
  • CWE-20: CWE-20 Improper Input Validation
  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References