Qnap: >> Photo Station Security Vulnerabilities
CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Known exploited
CVSS Score
9.8
EPSS Score
0.941
Published
2019-12-05
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-02-01
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
CVSS Score
6.1
EPSS Score
0.044
Published
2018-08-27
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-04-23
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-06-09
Page 3