Hyper Data Protector: Unauthorized Access via Hard-Coded Password

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.6

Hyper Data Protector: Unauthorized Access via Hard-Coded Password

CVE-2025-59388

Summary

A security issue in Hyper Data Protector allows attackers to access the system without a password. This means unauthorized people might be able to access sensitive information or take control of the system. Update to version 2.3.1.455 or later to fix this issue.

Original title

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fi...

Original description

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access.

We have already fixed the vulnerability in the following version:
Hyper Data Protector 2.3.1.455 and later

nvd CVSS4.0 6.6

Vulnerability type

CWE-259

https://www.qnap.com/en/security-advisory/qsa-25-48

Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026