November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – SolarWinds Orion API authentication bypass
December 27, 2020Rewterz Threat Alert – Active Phishing Targeting Microsoft
December 28, 2020Rewterz Threat Advisory – SolarWinds Orion API authentication bypass
December 27, 2020Rewterz Threat Alert – Active Phishing Targeting Microsoft
December 28, 2020
Severity
Medium
Analysis Summary
CVE-2020-2504
QNAP QES could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
Obtain Information
Affected Vendors
QNAP
Affected Products
QNAP QES 2.1
Remediation
Update to the latest version QES 2.1.1.