9.8
CVE-2019-7192
- EPSS 94.07%
- Published 05.12.2019 17:15:12
- Last modified 13.02.2025 14:18:25
- Source security@qnapsecurity.com.tw
- Teams watchlist Login
- Open Login
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Data is provided by the National Vulnerability Database (NVD)
Qnap ≫ Photo Station Version < 6.0.3
Qnap ≫ Photo Station Version < 5.7.10
Qnap ≫ Photo Station Version < 5.4.9
Qnap ≫ Photo Station Version < 5.2.11
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
QNAP Photo Station Improper Access Control Vulnerability
VulnerabilityQNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.07% | 0.999 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.