{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T07:58:15.604","vulnerabilities":[{"cve":{"id":"CVE-2020-2504","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2020-12-24T02:15:12.657","lastModified":"2024-11-21T05:25:22.290","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."},{"lang":"es","value":"Si se explota, esta vulnerabilidad de salto de ruta absoluta podría permitir a atacantes saltar archivos en File Station. QNAP ya ha corregido estos problemas en QES versiones 2.1.1 Build 20201006 y posteriores"}],"metrics":{"cvssMetricV31":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.1","matchCriteriaId":"B5DBF31A-5D26-4C7D-8E69-31061FC16C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:2.1.1:-:*:*:*:*:*:*","matchCriteriaId":"B075440F-4DEA-494D-AE27-1182CA4889D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:2.1.1:build_20200211:*:*:*:*:*:*","matchCriteriaId":"67632014-C383-490C-B048-4DFE88AD3F30"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:2.1.1:build_20200303:*:*:*:*:*:*","matchCriteriaId":"AF83A348-E7B1-4008-8313-9F28B9A9B020"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:2.1.1:build_20200319:*:*:*:*:*:*","matchCriteriaId":"AAF45709-BE55-45A4-8DD1-0D3E417D8382"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:2.1.1:build_20200424:*:*:*:*:*:*","matchCriteriaId":"7C956E79-D019-4AE3-BB65-9A70282CD780"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:2.1.1:build_20200515:*:*:*:*:*:*","matchCriteriaId":"DB21A827-5B92-468F-9BD0-09EB3E8A2ED4"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qes:2.1.1:build_20200811:*:*:*:*:*:*","matchCriteriaId":"DA11F0F0-236A-4A24-9AF7-DC8E78D5AA3C"}]}]}],"references":[{"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-20-17","source":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"]},{"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-20-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}