Unrated severityNVD Advisory· Published Oct 16, 2015· Updated May 6, 2026

CVE-2015-6003

Description

Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Affected products

Qnap/Qts2 versions
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*range: <=4.1.4
- cpe:2.3:o:qnap:qts:*:rc1:*:*:*:*:*:*range: <=4.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/751328nvdThird Party AdvisoryUS Government Resource
www.qnap.com/i/en/support/con_show.phpnvdVendor Advisory
www.securitytracker.com/id/1033794nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000