Summary
Detail | |||
---|---|---|---|
Vendor | Qnap | First view | 2009-09-21 |
Product | Ts-239 Pro Turbo Nas | Last view | 2009-09-21 |
Version | 3.1.0_0627 | Type | Hardware |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:h:qnap:ts-239_pro_turbo_nas |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.9 | 2009-09-21 | CVE-2009-3279 | The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack. |
5.9 | 2009-09-21 | CVE-2009-3200 | The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-310 | Cryptographic Issues |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
58346 | QNAP LUKS Partition AES-256 Cipher Plain CBC Mode Watermark Attack Informatio... |
58248 | QNAP Multiple Devices Flash Memory Encryption Backup Key Storage Disclosure |