Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-3200
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-21 Sep, 2009 | 19:30
Updated At-10 Oct, 2018 | 19:43

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:P/A:P
Type: Primary
Version: 2.0
Base score: 5.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:P/A:P
CPE Matches
QNAP Systems, Inc.
qnap
>>ts-239_pro_turbo_nas>>2.1.7_0613
cpe:2.3:h:qnap:ts-239_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>ts-239_pro_turbo_nas>>3.1.0_0627
cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>ts-239_pro_turbo_nas>>3.1.1_0815
cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>ts-639_pro_turbo_nas>>2.1.7_0613
cpe:2.3:h:qnap:ts-639_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>ts-639_pro_turbo_nas>>3.1.0_0627
cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>ts-639_pro_turbo_nas>>3.1.1_0815
cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://forum.qnap.com/viewtopic.php?f=11&t=11214&start=20#p63346cve@mitre.org
N/A
http://forum.qnap.com/viewtopic.php?f=12&t=12104&start=10#p63341cve@mitre.org
N/A
http://secunia.com/advisories/36793cve@mitre.org
N/A
http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txtcve@mitre.org
Exploit
http://www.securityfocus.com/archive/1/506607/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/36467cve@mitre.org
N/A
http://www.securitytracker.com/id?1022916cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/53391cve@mitre.org
N/A
Hyperlink: http://forum.qnap.com/viewtopic.php?f=11&t=11214&start=20#p63346
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://forum.qnap.com/viewtopic.php?f=12&t=12104&start=10#p63341
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36793
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/506607/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/36467
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1022916
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/53391
Source: cve@mitre.org
Resource: N/A
Change History
0Changes found
Details not found