CVE: CVE-2015-7261 - CVE-Search

CVE Details for CVE: CVE-2015-7261

Summary

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.

Timestamps
Last major update	11-03-2016 - 15:09
Published	27-02-2016 - 05:59
Last modified	11-03-2016 - 15:09

References

http://www.kb.cert.org/vuls/id/444472

Vulnerable Configurations

cpe:2.3:a:qnap:iartist_lite:1.4.53.1:*:*:*:*:*:*:*
cpe:2.3:a:qnap:iartist_lite:1.4.53.1:*:*:*:*:*:*:*
cpe:2.3:a:qnap:signage_station:2.0:*:*:*:*:*:*:*
cpe:2.3:a:qnap:signage_station:2.0:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

CWE-255

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

Base

9.8

Impact

5.9

Exploitability

3.9

Access

Attack Complexity	Attack vector	Privileges Required	Scope	User Interaction
LOW	NETWORK	NONE	UNCHANGED	NONE

Impact

Confidentiality	Integrity	Availability
HIGH	HIGH	HIGH

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

cvss3-vector via4

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

refmap via4

cert-vn

VU#444472