CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 29, 2019
Published Date: December 05, 2019
Last Updated: February 06, 2025
Vendor: QNAP
Product: QNAP NAS devices running Photo Station
Description: This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-06-08 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-06-08 00:00:00 UTC) Source

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-06-08 00:00:00 UTC

Timeline

CVE ID Reserved

January 29, 2019
CVE Published to Public

December 05, 2019
Exploit Used in Malware

June 08, 2022
Added to KEVIntel

June 08, 2022