CVE-2026-24724
QNAP Systems Inc. · File Station 6
An incorrect authorization vulnerability in QNAP File Station 6 allows authenticated users to bypass access restrictions and potentially gain unauthorized access to data.
Executive summary
An incorrect authorization flaw in QNAP File Station 6 allows an authenticated attacker to bypass intended access controls and gain unauthorized data access.
Vulnerability
This is an incorrect authorization vulnerability. A remote attacker with a valid user account can exploit this flaw to bypass established access restrictions, effectively accessing resources they are not authorized to view or modify.
Business impact
The CVSS score of 8.1 (High) reflects a significant failure to enforce the principle of least privilege. Successful exploitation could lead to unauthorized data exposure, potential modification of sensitive business files, and a breach of data confidentiality within the storage environment.
Remediation
Immediate Action: Update to File Station 5 version 5.5.6.5243 or later to remediate the authorization logic flaw.
Proactive Monitoring: Audit user access logs to identify any anomalous file access patterns or unauthorized attempts to traverse directories.
Compensating Controls: Implement strict folder-level permissions and ensure that multi-factor authentication (MFA) is enabled for all user accounts to minimize the risk of compromised credentials being used for exploitation.
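The audit described under Proactive Monitoring can be scripted by cross-checking each logged file access against the folder-level permissions the user was actually granted. The sketch below is an added example, not QNAP code. Assumptions: the access log has been exported to CSV with columns `time,user,action,path` (an assumed layout, not QNAP's documented log format), and the user names, folders and log rows are constructed sample data.

```python
import csv
import io
from posixpath import normpath

# Assumed folder-level permissions: user -> shared folders they may access.
ALLOWED = {
    "alice": {"/Public", "/Finance"},
    "bob": {"/Public"},
}

# Constructed sample export (assumed columns: time,user,action,path).
SAMPLE_LOG = """time,user,action,path
2026-01-10T09:00:00,alice,read,/Finance/q4.xlsx
2026-01-10T09:01:00,bob,read,/Public/readme.txt
2026-01-10T09:02:00,bob,read,/Finance/payroll.xlsx
2026-01-10T09:03:00,bob,write,/Public/../Finance/q4.xlsx
2026-01-10T09:04:00,carol,read,/Public/readme.txt
"""


def is_permitted(user, path, allowed=ALLOWED):
    """True if the normalized path sits inside a folder granted to the user."""
    # Collapse "." and ".." segments so a traversal cannot hide the real target.
    clean = normpath("/" + path.lstrip("/"))
    # Match on a folder boundary so "/PublicData" does not pass as "/Public".
    return any(clean == root or clean.startswith(root + "/")
               for root in allowed.get(user, ()))


def find_violations(log_text, allowed=ALLOWED):
    """Return log rows whose path falls outside the user's granted folders."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        # Users missing from the permission map are flagged as well.
        if not is_permitted(row["user"], row["path"], allowed):
            hits.append((row["time"], row["user"], row["action"], row["path"]))
    return hits


if __name__ == "__main__":
    for hit in find_violations(SAMPLE_LOG):
        print("REVIEW:", *hit)
```

Rows flagged here are candidates for review rather than proof of exploitation; a hit against a folder the user should never reach is the pattern an authorization bypass would leave behind.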
Exploitation status
Public Exploit Available: false
Analyst recommendation
Administrators must verify their current version of File Station and apply the necessary updates immediately. Given that this is an authorization bypass, it is vital to ensure that user accounts are properly secured and that auditing is enabled to detect any potential abuse.