Multiple vulnerabilities in QNAP Systems QTS and Photo Station
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2019-7195 CVE-2019-7194 CVE-2019-7193 CVE-2019-7192 |
| CWE-ID | CWE-610 CWE-20 CWE-284 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. |
| Vulnerable software |
QNAP QTS Server applications / File servers (FTP/HTTP) Photo Station Client/Desktop applications / Other client software |
| Vendor | QNAP Systems, Inc. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Externally Controlled Reference to a Resource in Another Sphere
EUVDB-ID: #VU28117
Risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2019-7195
CWE-ID:
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected software uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. A remote attacker can access or modify system files.
Install updates from vendor's website.
Vulnerable software versionsQNAP QTS: 4.2.6 2018082 - 4.4.1.1033 20190818
Photo Station: 5.2.0 - 6.0.2
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20200421:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.6.1033:20190813:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.4.1.1033:20190818:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.2.10:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.4.8:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.7.9:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:6.0.2:*:*:*:*:*:*:
http://www.qnap.com/zh-tw/security-advisory/nas-201911-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Externally Controlled Reference to a Resource in Another Sphere
EUVDB-ID: #VU28116
Risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2019-7194
CWE-ID:
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected software uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. A remote attacker can access or modify system files.
Install updates from vendor's website.
Vulnerable software versionsQNAP QTS: 4.2.6 2018082 - 4.4.1.1033 20190818
Photo Station: 5.2.0 - 6.0.2
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20200421:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.6.1033:20190813:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.4.1.1033:20190818:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.2.10:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.4.8:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.7.9:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:6.0.2:*:*:*:*:*:*:
http://www.qnap.com/zh-tw/security-advisory/nas-201911-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Input validation error
EUVDB-ID: #VU28115
Risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2019-7193
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrarycode on the target system.
Install updates from vendor's website.
Vulnerable software versionsQNAP QTS: 4.2.6 2018082 - 4.4.1.1033 20190818
Photo Station: 5.2.0 - 6.0.2
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20200421:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.6.1033:20190813:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.4.1.1033:20190818:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.2.10:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.4.8:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.7.9:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:6.0.2:*:*:*:*:*:*:
http://www.qnap.com/zh-tw/security-advisory/nas-201911-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Improper access control
EUVDB-ID: #VU28114
Risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2019-7192
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQNAP QTS: 4.2.6 2018082 - 4.4.1.1033 20190818
Photo Station: 5.2.0 - 6.0.2
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20200421:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.6.1033:20190813:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:qnap_qts:4.4.1.1033:20190818:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.2.10:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.4.8:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:5.7.9:*:*:*:*:*:*:
- cpe:2.3:a:qnap_systems:photo_station:6.0.2:*:*:*:*:*:*:
http://www.qnap.com/zh-tw/security-advisory/nas-201911-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
