Improper Auth in Music Station <5.4.0 allows remote compromise
CVE-2023-45038 Published on September 6, 2024

Music Station
An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later

NVD

Vulnerability Analysis

CVE-2023-45038 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an authentification Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2023-45038 has been classified to as an authentification vulnerability or weakness.


Products Associated with CVE-2023-45038

Want to know whenever a new CVE is published for QNAP Music Station? stack.watch will email you.

QNAP Music Station
 

Affected Versions

QNAP Systems Inc. Music Station:

Exploit Probability

EPSS
8.54%
Percentile
92.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.