CVE-2019-7193
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/12/2019
Last modified:
13/02/2025
Description
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qnap:qts:4.3.6.0895:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0907:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0923:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0944:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0959:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0979:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0993:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1013:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1033:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.4.1.0948:beta:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.4.1.0949:beta:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.4.1.0978:beta_2:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.4.1.0998:beta_3:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.4.1.0999:beta_3:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.4.1.1031:beta_4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
- https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
- http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
- https://www.qnap.com/zh-tw/security-advisory/nas-201911-25