Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QNAP VioStor NVR 跨站请求伪造漏洞
Vulnerability Description
QNAP VioStor NVR是台湾威联通(QNAP Systems)科技股份有限公司为基于IP的实时监控和视频录制提供的一套网络视频监控系统。用于零售、家庭办公、银行、酒店、工业、政府和教育机构行业。 QNAP VioStor NVR设备带有固件4.0.3版本中的cgi-bin/create_user.cgi中存在跨站请求伪造漏洞。远程攻击者可通过NEW USER操作利用该漏洞劫持任意通过认证管理员发送的创建管理账号的请求。
CVSS Information
N/A
Vulnerability Type
N/A