CVE-2019-7193

Warnung

Exploit

EPSS 44.88%
Veröffentlicht 05.12.2019 17:15:13
Zuletzt bearbeitet 13.02.2025 14:16:18
Quelle security@qnapsecurity.com.tw
Teams Watchlist Login
Unerledigt Login

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qts Version4.3.6.0895 Update-

Qnap ≫ Qts Version4.3.6.0907 Update-

Qnap ≫ Qts Version4.3.6.0923 Update-

Qnap ≫ Qts Version4.3.6.0944 Update-

Qnap ≫ Qts Version4.3.6.0959 Update-

Qnap ≫ Qts Version4.3.6.0979 Update-

Qnap ≫ Qts Version4.3.6.0993 Update-

Qnap ≫ Qts Version4.3.6.1013 Update-

Qnap ≫ Qts Version4.3.6.1033 Update-

Qnap ≫ Qts Version4.4.1.0948 Updatebeta

Qnap ≫ Qts Version4.4.1.0949 Updatebeta

Qnap ≫ Qts Version4.4.1.0978 Updatebeta_2

Qnap ≫ Qts Version4.4.1.0998 Updatebeta_3

Qnap ≫ Qts Version4.4.1.0999 Updatebeta_3

Qnap ≫ Qts Version4.4.1.1031 Updatebeta_4

Qnap ≫ Qts Version4.4.1.1033 Updatebeta_4

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

QNAP QTS Improper Input Validation Vulnerability

Schwachstelle

QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	44.88%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-7193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-7193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-7193

EUVD