Unrated severityNVD Advisory· Published Sep 21, 2009· Updated Apr 23, 2026

CVE-2009-3279

Description

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.

Affected products

Qnap/Ts 239 Pro Turbo Nas3 versions
cpe:2.3:h:qnap:ts-239_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:h:qnap:ts-239_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*
- cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*
- cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*
Qnap/Ts 639 Pro Turbo Nas3 versions
cpe:2.3:h:qnap:ts-639_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:h:qnap:ts-639_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*
- cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*
- cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000