10

CVE-2019-7193

Warning
Exploit

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

Data is provided by the National Vulnerability Database (NVD)
QnapQts Version4.3.6.0895 Update-
QnapQts Version4.3.6.0907 Update-
QnapQts Version4.3.6.0923 Update-
QnapQts Version4.3.6.0944 Update-
QnapQts Version4.3.6.0959 Update-
QnapQts Version4.3.6.0979 Update-
QnapQts Version4.3.6.0993 Update-
QnapQts Version4.3.6.1013 Update-
QnapQts Version4.3.6.1033 Update-
QnapQts Version4.4.1.0948 Updatebeta
QnapQts Version4.4.1.0949 Updatebeta
QnapQts Version4.4.1.0978 Updatebeta_2
QnapQts Version4.4.1.0998 Updatebeta_3
QnapQts Version4.4.1.0999 Updatebeta_3
QnapQts Version4.4.1.1031 Updatebeta_4
QnapQts Version4.4.1.1033 Updatebeta_4

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

QNAP QTS Improper Input Validation Vulnerability

Vulnerability

QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 44.88% 0.975
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.