CVE-2015-7261
First published: Sat Feb 27 2016(Updated: )
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP iArtist Lite | <=1.4.53.1 | |
| QNAP Signage Station | <=2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7261?
CVE-2015-7261 is considered a high-severity vulnerability due to the presence of hardcoded credentials in the FTP service.
How do I fix CVE-2015-7261?
To fix CVE-2015-7261, upgrade QNAP iArtist Lite to version 1.4.54 or later and QNAP Signage Station to version 2.0.1 or later.
What are the affected versions of QNAP iArtist Lite in CVE-2015-7261?
QNAP iArtist Lite versions prior to 1.4.54 are affected by CVE-2015-7261.
What are the affected versions of QNAP Signage Station in CVE-2015-7261?
QNAP Signage Station versions prior to 2.0.1 are affected by CVE-2015-7261.
Can CVE-2015-7261 lead to unauthorized access?
Yes, CVE-2015-7261 allows remote attackers to gain unauthorized access via the FTP service using hardcoded credentials.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- agent/source
- vendor/qnap
- canonical/qnap iartist lite
- version/qnap iartist lite/1.4.53.1
- canonical/qnap signage station
- version/qnap signage station/2.0