Vulnerability Details CVE-2019-7193
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.584
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
- https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
- http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
- https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
Products affected by CVE-2019-7193
-
cpe:2.3:o:qnap:qts:4.3.6.0895
-
cpe:2.3:o:qnap:qts:4.3.6.0907
-
cpe:2.3:o:qnap:qts:4.3.6.0923
-
cpe:2.3:o:qnap:qts:4.3.6.0944
-
cpe:2.3:o:qnap:qts:4.3.6.0959
-
cpe:2.3:o:qnap:qts:4.3.6.0979
-
cpe:2.3:o:qnap:qts:4.3.6.0993
-
cpe:2.3:o:qnap:qts:4.3.6.1013
-
cpe:2.3:o:qnap:qts:4.3.6.1033
-
cpe:2.3:o:qnap:qts:4.4.1.0948
-
cpe:2.3:o:qnap:qts:4.4.1.0949
-
cpe:2.3:o:qnap:qts:4.4.1.0978
-
cpe:2.3:o:qnap:qts:4.4.1.0998
-
cpe:2.3:o:qnap:qts:4.4.1.0999
-
cpe:2.3:o:qnap:qts:4.4.1.1031
-
cpe:2.3:o:qnap:qts:4.4.1.1033