CVE-2017-20210
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-14
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | photo_station | 5.2.7 |
| qnap | photo_station | 5.4.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2017-20210 is a critical security vulnerability in QNAP Photo Station versions earlier than 5.4.1 (for QTS 4.3.x) and 5.2.7 (for QTS 4.2.x). It allows unauthorized exploitation by XMR (Monero) mining programs, meaning attackers could use the affected system to mine cryptocurrency without permission. This vulnerability was identified through internal research and fixed by QNAP in the specified versions. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to run unauthorized Monero mining programs on your QNAP Photo Station, which can degrade system performance, increase power consumption, and potentially cause hardware damage due to excessive resource usage. It may also lead to unauthorized use of your system's resources and possible security risks associated with compromised devices. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for unauthorized XMR mining activity and malware presence. After updating the Malware Remover application to the latest version, verify malware detection and removal by reviewing system event logs via Control Panel > System > System Logs > System Event Logs on your QNAP device. Specific command-line instructions are not provided, but monitoring system logs for mining-related events is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediately upgrade your QNAP Photo Station application to version 5.4.1 (for QTS 4.3.x) or 5.2.7 (for QTS 4.2.x) to apply the security fix. Also, install or update the Malware Remover application to the latest version to protect against new variants of mining malware. The update can be done by logging into QTS as an administrator, accessing the App Center, searching for 'Photo Station' and 'Malware Remover,' and clicking Update or Install as appropriate. [1]