CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2009-3200
https://notcve.org/view.php?id=CVE-2009-3200
21 Sep 2009 — The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command. QNAP TS-239 Pro y TS-639 Pro con firmware v2.1.7 0613, v3.1.0 0627, y v3.1.1 0815 crea una clave de recuperación no documentada y la almacena en la variable... • http://forum.qnap.com/viewtopic.php?f=11&t=11214&start=20#p63346 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2009-3279
https://notcve.org/view.php?id=CVE-2009-3279
21 Sep 2009 — The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack. El QNAP TS-239 Pro y TS-639 Pro con firmware v2.1.7 0613, v3.1.0 0627, y v3.1.1 0815 crea una partición LUKS empleando el cifrado AES-256 en modo CBC plano, lo que permite a usuarios locales obtener información sensible a través de un ataque "watermark". • http://secunia.com/advisories/36793 • CWE-310: Cryptographic Issues •