Vulnerability Details CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.943
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
- https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
- http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
- https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
Products affected by CVE-2019-7192
-
cpe:2.3:a:qnap:photo_station:-
-
cpe:2.3:a:qnap:photo_station:5.2.0
-
cpe:2.3:a:qnap:photo_station:5.2.1
-
cpe:2.3:a:qnap:photo_station:5.2.14
-
cpe:2.3:a:qnap:photo_station:5.2.2
-
cpe:2.3:a:qnap:photo_station:5.2.3
-
cpe:2.3:a:qnap:photo_station:5.2.4
-
cpe:2.3:a:qnap:photo_station:5.2.5
-
cpe:2.3:a:qnap:photo_station:5.2.6
-
cpe:2.3:a:qnap:photo_station:5.2.7
-
cpe:2.3:a:qnap:photo_station:5.2.8
-
cpe:2.3:a:qnap:photo_station:5.2.9
-
cpe:2.3:a:qnap:photo_station:5.3.4
-
cpe:2.3:a:qnap:photo_station:5.3.5
-
cpe:2.3:a:qnap:photo_station:5.3.6
-
cpe:2.3:a:qnap:photo_station:5.4.0
-
cpe:2.3:a:qnap:photo_station:5.4.1
-
cpe:2.3:a:qnap:photo_station:5.4.10
-
cpe:2.3:a:qnap:photo_station:5.4.11
-
cpe:2.3:a:qnap:photo_station:5.4.12
-
cpe:2.3:a:qnap:photo_station:5.4.13
-
cpe:2.3:a:qnap:photo_station:5.4.15
-
cpe:2.3:a:qnap:photo_station:5.4.2
-
cpe:2.3:a:qnap:photo_station:5.4.3
-
cpe:2.3:a:qnap:photo_station:5.4.4
-
cpe:2.3:a:qnap:photo_station:5.4.5
-
cpe:2.3:a:qnap:photo_station:5.4.6
-
cpe:2.3:a:qnap:photo_station:5.4.7
-
cpe:2.3:a:qnap:photo_station:5.4.8
-
cpe:2.3:a:qnap:photo_station:5.4.9
-
cpe:2.3:a:qnap:photo_station:5.6.0
-
cpe:2.3:a:qnap:photo_station:5.6.1
-
cpe:2.3:a:qnap:photo_station:5.6.2
-
cpe:2.3:a:qnap:photo_station:5.6.3
-
cpe:2.3:a:qnap:photo_station:5.7.0
-
cpe:2.3:a:qnap:photo_station:5.7.1
-
cpe:2.3:a:qnap:photo_station:5.7.11
-
cpe:2.3:a:qnap:photo_station:5.7.12
-
cpe:2.3:a:qnap:photo_station:5.7.13
-
cpe:2.3:a:qnap:photo_station:5.7.14
-
cpe:2.3:a:qnap:photo_station:5.7.15
-
cpe:2.3:a:qnap:photo_station:5.7.16
-
cpe:2.3:a:qnap:photo_station:5.7.18
-
cpe:2.3:a:qnap:photo_station:5.7.2
-
cpe:2.3:a:qnap:photo_station:5.7.3
-
cpe:2.3:a:qnap:photo_station:5.7.4
-
cpe:2.3:a:qnap:photo_station:5.7.5
-
cpe:2.3:a:qnap:photo_station:5.7.6
-
cpe:2.3:a:qnap:photo_station:6.0.0
-
cpe:2.3:a:qnap:photo_station:6.0.1
-
cpe:2.3:a:qnap:photo_station:6.0.2
-
cpe:2.3:o:qnap:qts:4.2.6
-
cpe:2.3:o:qnap:qts:4.3.1.0013
-
cpe:2.3:o:qnap:qts:4.3.1.0023
-
cpe:2.3:o:qnap:qts:4.3.2.0050
-
cpe:2.3:o:qnap:qts:4.3.2.0060
-
cpe:2.3:o:qnap:qts:4.3.2.0144
-
cpe:2.3:o:qnap:qts:4.3.3
-
cpe:2.3:o:qnap:qts:4.3.4
-
cpe:2.3:o:qnap:qts:4.3.4.0358
-
cpe:2.3:o:qnap:qts:4.3.4.0370
-
cpe:2.3:o:qnap:qts:4.3.4.0372
-
cpe:2.3:o:qnap:qts:4.3.4.0374
-
cpe:2.3:o:qnap:qts:4.3.4.0387
-
cpe:2.3:o:qnap:qts:4.3.4.0411
-
cpe:2.3:o:qnap:qts:4.3.4.0416
-
cpe:2.3:o:qnap:qts:4.3.4.0427
-
cpe:2.3:o:qnap:qts:4.3.4.0434
-
cpe:2.3:o:qnap:qts:4.3.4.0435
-
cpe:2.3:o:qnap:qts:4.3.4.0451
-
cpe:2.3:o:qnap:qts:4.3.4.0483
-
cpe:2.3:o:qnap:qts:4.3.4.0486
-
cpe:2.3:o:qnap:qts:4.3.4.0506
-
cpe:2.3:o:qnap:qts:4.3.4.0516
-
cpe:2.3:o:qnap:qts:4.3.4.0526
-
cpe:2.3:o:qnap:qts:4.3.4.0551
-
cpe:2.3:o:qnap:qts:4.3.4.0557
-
cpe:2.3:o:qnap:qts:4.3.4.0561
-
cpe:2.3:o:qnap:qts:4.3.4.0569
-
cpe:2.3:o:qnap:qts:4.3.4.0593
-
cpe:2.3:o:qnap:qts:4.3.4.0597
-
cpe:2.3:o:qnap:qts:4.3.4.0604
-
cpe:2.3:o:qnap:qts:4.3.4.0899
-
cpe:2.3:o:qnap:qts:4.3.4.1029
-
cpe:2.3:o:qnap:qts:4.3.4.1082
-
cpe:2.3:o:qnap:qts:4.3.4.1190
-
cpe:2.3:o:qnap:qts:4.3.4.1282
-
cpe:2.3:o:qnap:qts:4.3.4.1368
-
cpe:2.3:o:qnap:qts:4.3.4.1417
-
cpe:2.3:o:qnap:qts:4.3.4.1463
-
cpe:2.3:o:qnap:qts:4.3.4.1632
-
cpe:2.3:o:qnap:qts:4.3.4.1652
-
cpe:2.3:o:qnap:qts:4.3.4.1976
-
cpe:2.3:o:qnap:qts:4.3.4.2107
-
cpe:2.3:o:qnap:qts:4.3.4.2242
-
cpe:2.3:o:qnap:qts:4.3.4.2451
-
cpe:2.3:o:qnap:qts:4.3.4.2675
-
cpe:2.3:o:qnap:qts:4.3.4.2814
-
cpe:2.3:o:qnap:qts:4.3.5
-
cpe:2.3:o:qnap:qts:4.3.6
-
cpe:2.3:o:qnap:qts:4.3.6.0895
-
cpe:2.3:o:qnap:qts:4.3.6.0907
-
cpe:2.3:o:qnap:qts:4.3.6.0923
-
cpe:2.3:o:qnap:qts:4.3.6.0944
-
cpe:2.3:o:qnap:qts:4.3.6.0959
-
cpe:2.3:o:qnap:qts:4.3.6.0979
-
cpe:2.3:o:qnap:qts:4.3.6.0993
-
cpe:2.3:o:qnap:qts:4.3.6.1013
-
cpe:2.3:o:qnap:qts:4.3.6.1033
-
cpe:2.3:o:qnap:qts:4.3.6.1070
-
cpe:2.3:o:qnap:qts:4.3.6.1154
-
cpe:2.3:o:qnap:qts:4.3.6.1218
-
cpe:2.3:o:qnap:qts:4.3.6.1263
-
cpe:2.3:o:qnap:qts:4.3.6.1286
-
cpe:2.3:o:qnap:qts:4.3.6.1333
-
cpe:2.3:o:qnap:qts:4.3.6.1411
-
cpe:2.3:o:qnap:qts:4.3.6.1446
-
cpe:2.3:o:qnap:qts:4.3.6.1620
-
cpe:2.3:o:qnap:qts:4.3.6.1663
-
cpe:2.3:o:qnap:qts:4.3.6.1711
-
cpe:2.3:o:qnap:qts:4.3.6.1750
-
cpe:2.3:o:qnap:qts:4.3.6.1831
-
cpe:2.3:o:qnap:qts:4.3.6.1907
-
cpe:2.3:o:qnap:qts:4.3.6.1965
-
cpe:2.3:o:qnap:qts:4.3.6.2050
-
cpe:2.3:o:qnap:qts:4.3.6.2232
-
cpe:2.3:o:qnap:qts:4.3.6.2441
-
cpe:2.3:o:qnap:qts:4.3.6.2665
-
cpe:2.3:o:qnap:qts:4.3.6.2805
-
cpe:2.3:o:qnap:qts:4.4.0
-
cpe:2.3:o:qnap:qts:4.4.1