CVE-2022-40984 An attacker can crash WTViewerE 761941 and WTViewerEfree by processing a long file name.
An attacker can send a malformed file to the product via email or file sharing, or send a malformed HTTP request to the product via the web server. Processing a long file name can lead to a buffer overflow in the product, and a malformed HTTP request sent via the web server can likewise result in a buffer overflow in the product.
- CVE-2017-7985 - Information leak due to an out-of-bounds read when handling crafted input in the WebServer in WTViewerE 761941 series, WTViewerE 761941 from 1.31 to 1.61, and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by sending a malformed Internet communication.
- CVE-2017-7986 - Information leak due to an out-of-bounds read when handling crafted input in the WebServer in WTViewerE 761941 series, WTViewerE 761941 from 1.31 to 1.61, and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by sending a malformed Internet communication.
- CVE-2017-79
Products Affected by CVE-2017-7985 and CVE-2017-7996
Product Name and Version Product URL WTViewerE 761941 series, WTViewerE 761941 from 1.31 to 1.61, WTViewerEfree from 1.01 to 1.52, and WTViewerEfree from 1.01 to 1.52
QNAP Product Description
QNAP is a leading global provider of NAS solutions for SMB, workgroup and enterprise customers. QNAP offers personal cloud servers, professional storage devices, network-attached storage (NAS) and storage arrays.
QNAP's latest 8-Bay Thunderbolt 3 Rackmount NAS, the TS-879X+ is an ideal home server with powerful performance that meets all your needs. Supporting up to six 4K monitors or two 5K displays, this unit delivers the ultimate multimedia experience with support for high resolution content streaming via HDMI and DisplayPort in addition to its built-in 10 GbE LAN port. Along with dual 10GbE LAN ports, the TS-879X+ offers redundant power supply units that are hot swappable from front panel.
In addition to providing solid reliability and compatibility with major operating systems such as Windows®, Mac®, Linux®, QNAP provides extensive software packages such as QTS software that provide the most comprehensive set of features available on any NAS platform today including a web based management console for easy setup, service monitoring, firmware updates and more secure configuration options.
The TS-879X+ also supports virtualization technology so you can run multiple guest operating systems simultaneously on the same hardware without sacrificing performance. With its Thunderbolt™ 3 interface supporting up to 40 Gbps data transfer speed, this unit is designed to handle even your most demanding applications easily.
The table below lists the action required to remediate the most common web vulnerabilities
Product Description
Smart TV is a device that connects to the Internet and allows users to browse, watch, and listen to digital media content. It may also connect to external devices, such as video game consoles or Blu-ray disc players.
Products Affected by CVE-2017-7985, CVE-2017-7986
The products affected by this vulnerability are WTViewerE 761941 series, WTViewerE 761941 from 1.31 to 1.61, and WTViewerEfree from 1.01 to 1.52.
Timeline
Published on: 10/24/2022 14:15:00 UTC
Last modified on: 10/25/2022 13:50:00 UTC