Vulnerability CVE-2009-3200


Published: 2009-09-21   Modified: 2012-02-13

Description:
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.

See advisories in our WLB2 database:
Topic: [Med.] Crypto backdoor in Qnap storage devices (CVE-2009-3200)
Author: Marc Heuse (mh b...
Date: 23.09.2009

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:P/A:P)

CVSS Base Score: 5.9/10
Impact Subscore: 8.5/10
Exploitability Subscore: 3.4/10

Exploit range: Local
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Partial
Availability impact: Partial

Affected software
QNAP -> Ts-239 pro turbo nas 
QNAP -> Ts-639 pro turbo nas 

References:
http://forum.qnap.com/viewtopic.php?f=11&t=11214&start=20#p63346
http://forum.qnap.com/viewtopic.php?f=12&t=12104&start=10#p63341
http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt
http://www.securityfocus.com/archive/1/506607/100/0/threaded
http://www.securityfocus.com/bid/36467
http://www.securitytracker.com/id?1022916
https://exchange.xforce.ibmcloud.com/vulnerabilities/53391
