CVE-2014-5457
https://notcve.org/view.php?id=CVE-2014-5457
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. QNAP TS-469U con firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, y SS-839 utilizan permisos de lectura universal para /etc/config/shadow, lo que permite a usuarios locales obtener los nombres de los usuarios y las contraseñas en hash mediante la lectura de la contraseña. • http://seclists.org/fulldisclosure/2014/Jul/57 http://seclists.org/fulldisclosure/2014/Jul/58 http://seclists.org/fulldisclosure/2014/Jul/59 http://seclists.org/fulldisclosure/2014/Jul/61 • CWE-264: Permissions, Privileges, and Access Controls •