Test ID:	1.3.6.1.4.1.25623.1.0.103732
Category:	Web application abuses
Title:	Qnap Multiple Vulnerabilities
Summary:	QNAP VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP; NAS contains multiple vulnerabilities.
Description:	Summary: QNAP VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS contains multiple vulnerabilities. Vulnerability Insight: The following flaws exist: 1. Improper Access Control VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS with the Surveillance Station Pro activated contains a hardcoded guest account and password which can be leveraged to login to the webserver. It has been reported that it is not possible to view or administer the guest account using the web interface. 2. Cross-Site Request Forgery (CSRF). VioStor NVR firmware version 4.0.3 and possibly earlier versions contains a cross-site request forgery vulnerability could allow an attacker to add a new administrative account to the server by tricking an administrator to click on a malicious link while they are currently logged into the webserver. Solution: Updates are available. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0142 CERT/CC vulnerability note: VU#927644 http://www.kb.cert.org/vuls/id/927644 Common Vulnerability Exposure (CVE) ID: CVE-2013-0144
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.