CVE-2009-3200 Information

Feb 14, 2021 cve

Description

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613 3.1.0 0627 and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable deobfuscating the key and running a cryptsetup luksOpen command.

Reference

http://forum.qnap.com/viewtopic.php?f=11&t=11214&start=20p63346 http://forum.qnap.com/viewtopic.php?f=12&t=12104&start=10p63341 http://secunia.com/advisories/36793 http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt http://www.securityfocus.com/archive/1/506607/100/0/threaded http://www.securityfocus.com/bid/36467 http://www.securitytracker.com/id?1022916 https://exchange.xforce.ibmcloud.com/vulnerabilities/53391

Share on: