{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2017-20210","assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","state":"PUBLISHED","assignerShortName":"qnap","dateReserved":"2025-11-07T01:00:30.680Z","datePublished":"2025-11-11T09:45:36.383Z","dateUpdated":"2025-11-13T15:45:42.002Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Photo Station","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"5.4.1","status":"affected","version":"5.4.x","versionType":"custom"},{"lessThan":"5.2.7","status":"affected","version":"5.2.x","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:qnap_systems_inc.:photo_station:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.1","versionStartIncluding":"5.4.x","vulnerable":true},{"criteria":"cpe:2.3:a:qnap_systems_inc.:photo_station:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2.7","versionStartIncluding":"5.2.x","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Photo Station 5.4.1 &amp; 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.</span><br>"}],"value":"Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research."}],"providerMetadata":{"orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap","dateUpdated":"2025-11-11T09:45:36.383Z"},"references":[{"url":"https://www.qnap.com/en-in/security-advisory/nas-201705-04"}],"source":{"discovery":"UNKNOWN"},"title":"Photo Station","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-11-13T15:40:50.872605Z","id":"CVE-2017-20210","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-13T15:45:42.002Z"}}]}}