Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-3200 | First vendor Publication | 2009-09-21 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.9 | Attack Range | Local |
| Cvss Impact Score | 8.5 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3200 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Hardware | 3 | |
| Hardware | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 58248 | QNAP Multiple Devices Flash Memory Encryption Backup Key Storage Disclosure |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:10:18 |
|
| 2024-11-28 12:19:49 |
|
| 2021-05-04 12:10:11 |
|
| 2021-04-22 01:10:36 |
|
| 2020-05-23 00:24:19 |
|
| 2018-10-11 00:19:41 |
|
| 2017-08-17 09:22:42 |
|
| 2016-04-26 19:06:41 |
|
| 2013-05-10 23:57:22 |
|
