CVE-2019-7194

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 29, 2019
Published Date: December 05, 2019
Last Updated: February 06, 2025
Vendor: n/a
Product: QNAP NAS devices running Photo Station
Description: This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-06-08 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-06-08 00:00:00 UTC) Source

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-06-08 00:00:00 UTC