{"api_version":"1","generated_at":"2026-04-23T11:33:23+00:00","cve":"CVE-2015-7261","urls":{"html":"https://cve.report/CVE-2015-7261","api":"https://cve.report/api/cve/CVE-2015-7261.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-7261","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-7261"},"summary":{"title":"CVE-2015-7261","description":"The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2016-02-27 05:59:00","updated_at":"2016-03-11 15:09:00"},"problem_types":["CWE-255"],"metrics":[],"references":[{"url":"http://www.kb.cert.org/vuls/id/444472","name":"VU#444472","refsource":"CERT-VN","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#444472 - QNAP Signage Station and iArtist Lite contain multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-7261","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7261","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"7261","vulnerable":"1","versionEndIncluding":"1.4.53.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qnap","cpe5":"iartist_lite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7261","vulnerable":"1","versionEndIncluding":"2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qnap","cpe5":"signage_station","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2015-7261","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#444472","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/444472"}]}},"nvd":{"publishedDate":"2016-02-27 05:59:00","lastModifiedDate":"2016-03-11 15:09:00","problem_types":["CWE-255"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qnap:iartist_lite:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.53.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qnap:signage_station:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"7261","Ordinal":"84266","Title":"CVE-2015-7261","CVE":"CVE-2015-7261","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"7261","Ordinal":"1","NoteData":"The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"7261","Ordinal":"2","NoteData":"2016-02-26","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"7261","Ordinal":"3","NoteData":"2016-02-26","Type":"Other","Title":"Modified"}]}}}