CVE-2017-20210
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2017-20210, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-11

Last updated on: 2025-11-14

Assigner: QNAP Systems, Inc.

Description

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-11
Last Modified
2025-11-14
Generated
2026-07-06
AI Q&A
2025-11-11
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
qnap photo_station 5.2.7
qnap photo_station 5.4.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2017-20210 is a critical security vulnerability in QNAP Photo Station versions earlier than 5.4.1 (for QTS 4.3.x) and 5.2.7 (for QTS 4.2.x). It allows unauthorized exploitation by XMR (Monero) mining programs, meaning attackers could use the affected system to mine cryptocurrency without permission. This vulnerability was identified through internal research and fixed by QNAP in the specified versions. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to run unauthorized Monero mining programs on your QNAP Photo Station, which can degrade system performance, increase power consumption, and potentially cause hardware damage due to excessive resource usage. It may also lead to unauthorized use of your system's resources and possible security risks associated with compromised devices. [1]

Detection Guidance

You can detect this vulnerability by checking for unauthorized XMR mining activity and malware presence. After updating the Malware Remover application to the latest version, verify malware detection and removal by reviewing system event logs via Control Panel > System > System Logs > System Event Logs on your QNAP device. Specific command-line instructions are not provided, but monitoring system logs for mining-related events is recommended. [1]

Mitigation Strategies

Immediately upgrade your QNAP Photo Station application to version 5.4.1 (for QTS 4.3.x) or 5.2.7 (for QTS 4.2.x) to apply the security fix. Also, install or update the Malware Remover application to the latest version to protect against new variants of mining malware. The update can be done by logging into QTS as an administrator, accessing the App Center, searching for 'Photo Station' and 'Malware Remover,' and clicking Update or Install as appropriate. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20210. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart