Q-Free MaxTime Missing Authorization Vulnerability in User Enumeration

Vulnerability

A missing authorization vulnerability has been identified in Q-Free MaxTime versions through 2.11.0. This vulnerability allows authenticated low-privileged attackers to enumerate users by sending crafted HTTP requests to the user endpoint.

Impact

Exploitation of this vulnerability could lead to user enumeration, allowing attackers to identify valid usernames and potentially conduct brute-force or credential-stuffing attacks.

Remediation

No official solution has been communicated by the vendor. As a temporary measure, it is recommended to review all accounts on the management web application exposed by devices running Q-Free MaxTime through version 2.11.0 and delete any unnecessary accounts.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.