CVE-2019-7193

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 29, 2019
Published Date: December 05, 2019
Last Updated: February 06, 2025
Vendor: n/a
Product: QNAP NAS devices
Description: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-06-08 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-06-08 00:00:00 UTC) Source

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-06-08 00:00:00 UTC