

Severity
Medium
Analysis Summary
CVE-2020-2504
QNAP QES could allow a remote attacker to traverse directories on the system because user requests are improperly validated. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
Obtain Information
Affected Vendors
QNAP
Affected Products
QNAP QES 2.1
Remediation
Update to the latest version, QES 2.1.1.
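Until the update is applied, web access logs can be reviewed for the “dot dot” requests described in the Analysis Summary. The following is an added example, not part of the original advisory or any QNAP tooling: it assumes a combined-format access log, and the log lines, paths and function names are constructed for illustration.

```python
import re

from urllib.parse import unquote

# Request line and status inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if any path or query component is exactly '..' after decoding."""
    decoded = decode_fully(target)
    # Split on path and query separators; a name such as 'a..b' is not a '..' segment.
    return ".." in re.split(r"[/\\?&=]", decoded)

def flag_traversal_requests(log_lines):
    """Return (client_ip, target, status) for each request with a dot-dot segment."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group("target")):
            client_ip = line.split(" ", 1)[0]
            hits.append((client_ip, match.group("target"), int(match.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Dec/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Dec/2020:10:00:02 +0000] "GET /files/../../conf/app.ini HTTP/1.1" 200 1024',
    '198.51.100.7 - - [28/Dec/2020:10:00:03 +0000] "GET /files/%2e%2e/%2e%2e/conf/app.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [28/Dec/2020:10:00:04 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 256',
]

if __name__ == "__main__":
    for ip, target, status in flag_traversal_requests(SAMPLE_LOG):
        print(f"dot-dot request from {ip} (HTTP {status}): {target}")
```

Hits answered with status 200 deserve review first, since the server returned content for a request that should have been rejected.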