Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for Media Streaming add-on by QNAP Systems Inc.

    CVE-2025-59383 (GCVE-0-2025-59383)

    Vulnerability from nvd – Published: 2026-03-20 16:22 – Updated: 2026-03-25 14:00
    VLAI
    Title
    Media Streaming Add-on
    Summary
    A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming Add-on Affected: 500.1.x , < 500.1.1 (custom)
    Create a notification for this product.
    Credits
    Dohwan KIM (neko_hat from Chung-Ang UNIV.)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T14:00:12.618673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T14:00:24.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming Add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dohwan KIM (neko_hat from Chung-Ang UNIV.)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming Add-on 500.1.1 and later\u003cbr\u003e"
                }
              ],
              "value": "A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming Add-on 500.1.1 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T16:22:07.367Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-26-09"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming Add-on 500.1.1 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming Add-on 500.1.1 and later"
            }
          ],
          "source": {
            "advisory": "QSA-26-09",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming Add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2025-59383",
        "datePublished": "2026-03-20T16:22:07.367Z",
        "dateReserved": "2025-09-15T08:35:00.660Z",
        "dateUpdated": "2026-03-25T14:00:24.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56808 (GCVE-0-2024-56808)

    Vulnerability from nvd – Published: 2026-02-11 12:20 – Updated: 2026-02-11 14:27
    VLAI
    Title
    Media Streaming add-on
    Summary
    A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.6 ( 2024/08/02 ) (custom)
    Create a notification for this product.
    Credits
    dcs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T14:24:47.673685Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T14:27:11.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.6 ( 2024/08/02 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "dcs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "PHYSICAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-11T12:20:08.765Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-57"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-57",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-56808",
        "datePublished": "2026-02-11T12:20:08.765Z",
        "dateReserved": "2024-12-31T09:31:29.719Z",
        "dateUpdated": "2026-02-11T14:27:11.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56807 (GCVE-0-2024-56807)

    Vulnerability from nvd – Published: 2026-02-11 12:20 – Updated: 2026-02-11 14:23
    VLAI
    Title
    Media Streaming add-on
    Summary
    An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.6 ( 2024/08/02 ) (custom)
    Create a notification for this product.
    Credits
    dcs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56807",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T14:23:39.836885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T14:23:50.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.6 ( 2024/08/02 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "dcs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-11T12:20:14.724Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-57"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-57",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-56807",
        "datePublished": "2026-02-11T12:20:14.724Z",
        "dateReserved": "2024-12-31T09:31:29.719Z",
        "dateUpdated": "2026-02-11T14:23:50.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-50395 (GCVE-0-2024-50395)

    Vulnerability from nvd – Published: 2024-11-22 15:31 – Updated: 2024-11-22 16:48
    VLAI
    Title
    Media Streaming add-on
    Summary
    An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.6 ( 2024/08/02 ) (custom)
    Create a notification for this product.
    qnap media_streaming_add-on Affected: 500.1.0 , < 500.1.1.6 (custom)
        cpe:2.3:a:qnap:media_streaming_add-on:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dohwan KIM (neko_hat from TeamH4C)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:media_streaming_add-on:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "media_streaming_add-on",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "500.1.1.6",
                    "status": "affected",
                    "version": "500.1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T16:47:38.380177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T16:48:42.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.6 ( 2024/08/02 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dohwan KIM (neko_hat from TeamH4C)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-77",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-77"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:31:47.697Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-47"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-47",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-50395",
        "datePublished": "2024-11-22T15:31:47.697Z",
        "dateReserved": "2024-10-24T03:41:08.490Z",
        "dateUpdated": "2024-11-22T16:48:42.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47220 (GCVE-0-2023-47220)

    Vulnerability from nvd – Published: 2024-05-03 02:32 – Updated: 2024-08-02 21:01
    VLAI
    Title
    Media Streaming add-on
    Summary
    An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.5 ( 2024/01/22 ) (custom)
    Create a notification for this product.
    qnap media_streaming_add-on Affected: 500.1*
        cpe:2.3:a:qnap:media_streaming_add-on:500.1*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    YingMuo (@YingMuo), working with DEVCORE Internship Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:media_streaming_add-on:500.1*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "media_streaming_add-on",
                "vendor": "qnap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "500.1*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:03:18.647922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:46.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:01:22.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on ",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.5 ( 2024/01/22 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "YingMuo (@YingMuo), working with DEVCORE Internship Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T02:32:04.674Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-24-15",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-47220",
        "datePublished": "2024-05-03T02:32:04.674Z",
        "dateReserved": "2023-11-03T09:47:36.054Z",
        "dateUpdated": "2024-08-02T21:01:22.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47222 (GCVE-0-2023-47222)

    Vulnerability from nvd – Published: 2024-04-26 15:01 – Updated: 2024-08-02 21:01
    VLAI
    Title
    Media Streaming add-on
    Summary
    An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.5 ( 2024/01/22 ) (custom)
    Create a notification for this product.
    qnap media_streaming_add-on Affected: 500.1.x
        cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    YingMuo (@YingMuo), working with DEVCORE Internship Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "media_streaming_add-on",
                "vendor": "qnap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "500.1.x"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T19:31:27.928889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:32.940Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:01:22.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on ",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.5 ( 2024/01/22 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "YingMuo (@YingMuo), working with DEVCORE Internship Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115"
                }
              ]
            },
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126"
                }
              ]
            },
            {
              "capecId": "CAPEC-497",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-497"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T15:01:27.370Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-24-15",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-47222",
        "datePublished": "2024-04-26T15:01:27.370Z",
        "dateReserved": "2023-11-03T09:47:36.054Z",
        "dateUpdated": "2024-08-02T21:01:22.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23369 (GCVE-0-2023-23369)

    Vulnerability from nvd – Published: 2023-11-03 16:34 – Updated: 2025-02-27 20:34
    VLAI
    Title
    QTS, Multimedia Console, and Media Streaming add-on
    Summary
    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Multimedia Console Affected: 2.1.x , < 2.1.2 ( 2023/05/04 ) (custom)
    Affected: 1.4.x , < 1.4.8 ( 2023/05/05 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. QTS Affected: 5.1.x , < 5.1.0.2399 build 20230515 (custom)
    Affected: 4.3.6 , < 4.3.6.2441 build 20230621 (custom)
    Affected: 4.3.4 , < 4.3.4.2451 build 20230621 (custom)
    Affected: 4.3.3 , < 4.3.3.2420 build 20230621 (custom)
    Affected: 4.2.x , < 4.2.6 build 20230621 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.2 ( 2023/06/12 ) (custom)
    Affected: 500.0.x , < 500.0.0.11 ( 2023/06/16 ) (custom)
    Create a notification for this product.
    Credits
    Eqqie
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:15.353444Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:34:32.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Multimedia Console",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.1.2 ( 2023/05/04 )",
                  "status": "affected",
                  "version": "2.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.8 ( 2023/05/05 )",
                  "status": "affected",
                  "version": "1.4.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.0.2399 build 20230515",
                  "status": "affected",
                  "version": "5.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.6.2441 build 20230621",
                  "status": "affected",
                  "version": "4.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4.2451 build 20230621",
                  "status": "affected",
                  "version": "4.3.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.3.2420 build 20230621",
                  "status": "affected",
                  "version": "4.3.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6 build 20230621",
                  "status": "affected",
                  "version": "4.2.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.2 ( 2023/06/12 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "500.0.0.11 ( 2023/06/16 )",
                  "status": "affected",
                  "version": "500.0.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Eqqie"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eMultimedia Console 2.1.2 ( 2023/05/04 ) and later\u003cbr\u003eMultimedia Console 1.4.8 ( 2023/05/05 ) and later\u003cbr\u003eQTS 5.1.0.2399 build 20230515 and later\u003cbr\u003eQTS 4.3.6.2441 build 20230621 and later\u003cbr\u003eQTS 4.3.4.2451 build 20230621 and later\u003cbr\u003eQTS 4.3.3.2420 build 20230621 and later\u003cbr\u003eQTS 4.2.6 build 20230621 and later\u003cbr\u003eMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\u003cbr\u003eMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.2 ( 2023/05/04 ) and later\nMultimedia Console 1.4.8 ( 2023/05/05 ) and later\nQTS 5.1.0.2399 build 20230515 and later\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\nMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-03T16:34:40.084Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eMultimedia Console 2.1.2 ( 2023/05/04 ) and later\u003cbr\u003eMultimedia Console 1.4.8 ( 2023/05/05 ) and later\u003cbr\u003eQTS 5.1.0.2399 build 20230515 and later\u003cbr\u003eQTS 4.3.6.2441 build 20230621 and later\u003cbr\u003eQTS 4.3.4.2451 build 20230621 and later\u003cbr\u003eQTS 4.3.3.2420 build 20230621 and later\u003cbr\u003eQTS 4.2.6 build 20230621 and later\u003cbr\u003eMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\u003cbr\u003eMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.2 ( 2023/05/04 ) and later\nMultimedia Console 1.4.8 ( 2023/05/05 ) and later\nQTS 5.1.0.2399 build 20230515 and later\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\nMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-23-35",
            "discovery": "EXTERNAL"
          },
          "title": "QTS, Multimedia Console, and Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-23369",
        "datePublished": "2023-11-03T16:34:40.084Z",
        "dateReserved": "2023-01-11T20:15:53.086Z",
        "dateUpdated": "2025-02-27T20:34:32.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34362 (GCVE-0-2021-34362)

    Vulnerability from nvd – Published: 2021-10-22 04:25 – Updated: 2024-09-16 16:17
    VLAI
    Title
    Command Injection Vulnerability in Media Streaming Add-on
    Summary
    A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 500.0.0.3 ( 2021/08/20 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 430.1.8.12 ( 2021/08/20 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 430.1.8.12 ( 2021/09/29 ) (custom)
    Create a notification for this product.
    Date Public
    2021-10-21 00:00
    Credits
    Tony Martin, a security researcher
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QuTS-Hero 5.0.0"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.0.0.3 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 5.0.0"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.0.0.3 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.5.4"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.0.0.3 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.6"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "430.1.8.12 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.3"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "430.1.8.12 ( 2021/09/29 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Martin, a security researcher"
            }
          ],
          "datePublic": "2021-10-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T04:25:09.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of Media Streaming add-on:\nQTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.5.4: Media Streaming add-on 500.0.0.3  ( 2021/08/20 ) and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later\nQTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later\nQuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-44",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in Media Streaming Add-on",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-10-21T17:29:00.000Z",
              "ID": "CVE-2021-34362",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in Media Streaming Add-on"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Media Streaming add-on",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QuTS-Hero 5.0.0",
                                "version_affected": "\u003c",
                                "version_value": "500.0.0.3 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 5.0.0",
                                "version_affected": "\u003c",
                                "version_value": "500.0.0.3 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 4.5.4",
                                "version_affected": "\u003c",
                                "version_value": "500.0.0.3 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 4.3.6",
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.12 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 4.3.3",
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.12 ( 2021/09/29 )"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tony Martin, a security researcher"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-44",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of Media Streaming add-on:\nQTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.5.4: Media Streaming add-on 500.0.0.3  ( 2021/08/20 ) and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later\nQTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later\nQuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-44",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34362",
        "datePublished": "2021-10-22T04:25:09.871Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:17:27.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36195 (GCVE-0-2020-36195)

    Vulnerability from nvd – Published: 2021-04-17 03:50 – Updated: 2024-09-16 17:28
    VLAI
    Title
    SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On
    Summary
    An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-89 - SQL Injection
    • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QTS Affected: unspecified , < 4.3.3.1624 Build 20210416 (custom)
    Affected: unspecified , < 4.3.6.1620 Build 20210322 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 430.1.8.10 (custom)
    Affected: unspecified , < 430.1.8.8 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Multimedia Console Affected: unspecified , < 1.3.4 (custom)
    Create a notification for this product.
    Date Public
    2021-04-16 00:00
    Credits
    Yaniv Puyeski
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "4.3.3.1624 Build 20210416",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.6.1620 Build 20210322",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "430.1.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "430.1.8.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Multimedia Console",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Yaniv Puyeski"
            }
          ],
          "datePublic": "2021-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-943",
                  "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-17T03:50:13.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.\n\nQTS 4.3.3: Media Streaming add-on 430.1.8.10 and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.8 and later\nQTS 4.4.x and later: Multimedia Console 1.3.4 and later\n\nWe have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:\n\nQTS 4.3.3.1624 Build 20210416 or later\nQTS 4.3.6.1620 Build 20210322 or later"
            }
          ],
          "source": {
            "advisory": "QSA-21-11",
            "discovery": "EXTERNAL"
          },
          "title": "SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-04-16T03:33:00.000Z",
              "ID": "CVE-2020-36195",
              "STATE": "PUBLIC",
              "TITLE": "SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QTS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.3.1624 Build 20210416"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.6.1620 Build 20210322"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Media Streaming add-on",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.10"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Multimedia Console",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Yaniv Puyeski"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-11",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.\n\nQTS 4.3.3: Media Streaming add-on 430.1.8.10 and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.8 and later\nQTS 4.4.x and later: Multimedia Console 1.3.4 and later\n\nWe have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:\n\nQTS 4.3.3.1624 Build 20210416 or later\nQTS 4.3.6.1620 Build 20210322 or later"
              }
            ],
            "source": {
              "advisory": "QSA-21-11",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2020-36195",
        "datePublished": "2021-04-17T03:50:13.274Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:28:07.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59383 (GCVE-0-2025-59383)

    Vulnerability from cvelistv5 – Published: 2026-03-20 16:22 – Updated: 2026-03-25 14:00
    VLAI
    Title
    Media Streaming Add-on
    Summary
    A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming Add-on Affected: 500.1.x , < 500.1.1 (custom)
    Create a notification for this product.
    Credits
    Dohwan KIM (neko_hat from Chung-Ang UNIV.)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T14:00:12.618673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T14:00:24.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming Add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dohwan KIM (neko_hat from Chung-Ang UNIV.)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming Add-on 500.1.1 and later\u003cbr\u003e"
                }
              ],
              "value": "A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming Add-on 500.1.1 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T16:22:07.367Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-26-09"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming Add-on 500.1.1 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming Add-on 500.1.1 and later"
            }
          ],
          "source": {
            "advisory": "QSA-26-09",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming Add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2025-59383",
        "datePublished": "2026-03-20T16:22:07.367Z",
        "dateReserved": "2025-09-15T08:35:00.660Z",
        "dateUpdated": "2026-03-25T14:00:24.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56807 (GCVE-0-2024-56807)

    Vulnerability from cvelistv5 – Published: 2026-02-11 12:20 – Updated: 2026-02-11 14:23
    VLAI
    Title
    Media Streaming add-on
    Summary
    An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.6 ( 2024/08/02 ) (custom)
    Create a notification for this product.
    Credits
    dcs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56807",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T14:23:39.836885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T14:23:50.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.6 ( 2024/08/02 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "dcs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-11T12:20:14.724Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-57"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-57",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-56807",
        "datePublished": "2026-02-11T12:20:14.724Z",
        "dateReserved": "2024-12-31T09:31:29.719Z",
        "dateUpdated": "2026-02-11T14:23:50.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56808 (GCVE-0-2024-56808)

    Vulnerability from cvelistv5 – Published: 2026-02-11 12:20 – Updated: 2026-02-11 14:27
    VLAI
    Title
    Media Streaming add-on
    Summary
    A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.6 ( 2024/08/02 ) (custom)
    Create a notification for this product.
    Credits
    dcs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T14:24:47.673685Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T14:27:11.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.6 ( 2024/08/02 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "dcs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "PHYSICAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-11T12:20:08.765Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-57"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-57",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-56808",
        "datePublished": "2026-02-11T12:20:08.765Z",
        "dateReserved": "2024-12-31T09:31:29.719Z",
        "dateUpdated": "2026-02-11T14:27:11.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-50395 (GCVE-0-2024-50395)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:31 – Updated: 2024-11-22 16:48
    VLAI
    Title
    Media Streaming add-on
    Summary
    An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.6 ( 2024/08/02 ) (custom)
    Create a notification for this product.
    qnap media_streaming_add-on Affected: 500.1.0 , < 500.1.1.6 (custom)
        cpe:2.3:a:qnap:media_streaming_add-on:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dohwan KIM (neko_hat from TeamH4C)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:media_streaming_add-on:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "media_streaming_add-on",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "500.1.1.6",
                    "status": "affected",
                    "version": "500.1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T16:47:38.380177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T16:48:42.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.6 ( 2024/08/02 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dohwan KIM (neko_hat from TeamH4C)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-77",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-77"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:31:47.697Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-47"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-47",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-50395",
        "datePublished": "2024-11-22T15:31:47.697Z",
        "dateReserved": "2024-10-24T03:41:08.490Z",
        "dateUpdated": "2024-11-22T16:48:42.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47220 (GCVE-0-2023-47220)

    Vulnerability from cvelistv5 – Published: 2024-05-03 02:32 – Updated: 2024-08-02 21:01
    VLAI
    Title
    Media Streaming add-on
    Summary
    An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.5 ( 2024/01/22 ) (custom)
    Create a notification for this product.
    qnap media_streaming_add-on Affected: 500.1*
        cpe:2.3:a:qnap:media_streaming_add-on:500.1*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    YingMuo (@YingMuo), working with DEVCORE Internship Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:media_streaming_add-on:500.1*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "media_streaming_add-on",
                "vendor": "qnap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "500.1*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:03:18.647922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:46.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:01:22.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on ",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.5 ( 2024/01/22 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "YingMuo (@YingMuo), working with DEVCORE Internship Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T02:32:04.674Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-24-15",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-47220",
        "datePublished": "2024-05-03T02:32:04.674Z",
        "dateReserved": "2023-11-03T09:47:36.054Z",
        "dateUpdated": "2024-08-02T21:01:22.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47222 (GCVE-0-2023-47222)

    Vulnerability from cvelistv5 – Published: 2024-04-26 15:01 – Updated: 2024-08-02 21:01
    VLAI
    Title
    Media Streaming add-on
    Summary
    An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.5 ( 2024/01/22 ) (custom)
    Create a notification for this product.
    qnap media_streaming_add-on Affected: 500.1.x
        cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    YingMuo (@YingMuo), working with DEVCORE Internship Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "media_streaming_add-on",
                "vendor": "qnap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "500.1.x"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T19:31:27.928889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:32.940Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:01:22.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on ",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.5 ( 2024/01/22 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "YingMuo (@YingMuo), working with DEVCORE Internship Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115"
                }
              ]
            },
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126"
                }
              ]
            },
            {
              "capecId": "CAPEC-497",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-497"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T15:01:27.370Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on  500.1.1.5 ( 2024/01/22 ) and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-24-15",
            "discovery": "EXTERNAL"
          },
          "title": "Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-47222",
        "datePublished": "2024-04-26T15:01:27.370Z",
        "dateReserved": "2023-11-03T09:47:36.054Z",
        "dateUpdated": "2024-08-02T21:01:22.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23369 (GCVE-0-2023-23369)

    Vulnerability from cvelistv5 – Published: 2023-11-03 16:34 – Updated: 2025-02-27 20:34
    VLAI
    Title
    QTS, Multimedia Console, and Media Streaming add-on
    Summary
    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Multimedia Console Affected: 2.1.x , < 2.1.2 ( 2023/05/04 ) (custom)
    Affected: 1.4.x , < 1.4.8 ( 2023/05/05 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. QTS Affected: 5.1.x , < 5.1.0.2399 build 20230515 (custom)
    Affected: 4.3.6 , < 4.3.6.2441 build 20230621 (custom)
    Affected: 4.3.4 , < 4.3.4.2451 build 20230621 (custom)
    Affected: 4.3.3 , < 4.3.3.2420 build 20230621 (custom)
    Affected: 4.2.x , < 4.2.6 build 20230621 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: 500.1.x , < 500.1.1.2 ( 2023/06/12 ) (custom)
    Affected: 500.0.x , < 500.0.0.11 ( 2023/06/16 ) (custom)
    Create a notification for this product.
    Credits
    Eqqie
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:15.353444Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:34:32.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Multimedia Console",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.1.2 ( 2023/05/04 )",
                  "status": "affected",
                  "version": "2.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.8 ( 2023/05/05 )",
                  "status": "affected",
                  "version": "1.4.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.0.2399 build 20230515",
                  "status": "affected",
                  "version": "5.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.6.2441 build 20230621",
                  "status": "affected",
                  "version": "4.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4.2451 build 20230621",
                  "status": "affected",
                  "version": "4.3.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.3.2420 build 20230621",
                  "status": "affected",
                  "version": "4.3.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6 build 20230621",
                  "status": "affected",
                  "version": "4.2.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.1.1.2 ( 2023/06/12 )",
                  "status": "affected",
                  "version": "500.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "500.0.0.11 ( 2023/06/16 )",
                  "status": "affected",
                  "version": "500.0.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Eqqie"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eMultimedia Console 2.1.2 ( 2023/05/04 ) and later\u003cbr\u003eMultimedia Console 1.4.8 ( 2023/05/05 ) and later\u003cbr\u003eQTS 5.1.0.2399 build 20230515 and later\u003cbr\u003eQTS 4.3.6.2441 build 20230621 and later\u003cbr\u003eQTS 4.3.4.2451 build 20230621 and later\u003cbr\u003eQTS 4.3.3.2420 build 20230621 and later\u003cbr\u003eQTS 4.2.6 build 20230621 and later\u003cbr\u003eMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\u003cbr\u003eMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\u003cbr\u003e"
                }
              ],
              "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.2 ( 2023/05/04 ) and later\nMultimedia Console 1.4.8 ( 2023/05/05 ) and later\nQTS 5.1.0.2399 build 20230515 and later\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\nMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-03T16:34:40.084Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eMultimedia Console 2.1.2 ( 2023/05/04 ) and later\u003cbr\u003eMultimedia Console 1.4.8 ( 2023/05/05 ) and later\u003cbr\u003eQTS 5.1.0.2399 build 20230515 and later\u003cbr\u003eQTS 4.3.6.2441 build 20230621 and later\u003cbr\u003eQTS 4.3.4.2451 build 20230621 and later\u003cbr\u003eQTS 4.3.3.2420 build 20230621 and later\u003cbr\u003eQTS 4.2.6 build 20230621 and later\u003cbr\u003eMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\u003cbr\u003eMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.2 ( 2023/05/04 ) and later\nMultimedia Console 1.4.8 ( 2023/05/05 ) and later\nQTS 5.1.0.2399 build 20230515 and later\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\nMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-23-35",
            "discovery": "EXTERNAL"
          },
          "title": "QTS, Multimedia Console, and Media Streaming add-on",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-23369",
        "datePublished": "2023-11-03T16:34:40.084Z",
        "dateReserved": "2023-01-11T20:15:53.086Z",
        "dateUpdated": "2025-02-27T20:34:32.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34362 (GCVE-0-2021-34362)

    Vulnerability from cvelistv5 – Published: 2021-10-22 04:25 – Updated: 2024-09-16 16:17
    VLAI
    Title
    Command Injection Vulnerability in Media Streaming Add-on
    Summary
    A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 500.0.0.3 ( 2021/08/20 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 430.1.8.12 ( 2021/08/20 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 430.1.8.12 ( 2021/09/29 ) (custom)
    Create a notification for this product.
    Date Public
    2021-10-21 00:00
    Credits
    Tony Martin, a security researcher
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QuTS-Hero 5.0.0"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.0.0.3 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 5.0.0"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.0.0.3 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.5.4"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "500.0.0.3 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.6"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "430.1.8.12 ( 2021/08/20 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.3"
              ],
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "430.1.8.12 ( 2021/09/29 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Martin, a security researcher"
            }
          ],
          "datePublic": "2021-10-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T04:25:09.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of Media Streaming add-on:\nQTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.5.4: Media Streaming add-on 500.0.0.3  ( 2021/08/20 ) and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later\nQTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later\nQuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-44",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in Media Streaming Add-on",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-10-21T17:29:00.000Z",
              "ID": "CVE-2021-34362",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in Media Streaming Add-on"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Media Streaming add-on",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QuTS-Hero 5.0.0",
                                "version_affected": "\u003c",
                                "version_value": "500.0.0.3 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 5.0.0",
                                "version_affected": "\u003c",
                                "version_value": "500.0.0.3 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 4.5.4",
                                "version_affected": "\u003c",
                                "version_value": "500.0.0.3 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 4.3.6",
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.12 ( 2021/08/20 )"
                              },
                              {
                                "platform": "QTS 4.3.3",
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.12 ( 2021/09/29 )"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tony Martin, a security researcher"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-44",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of Media Streaming add-on:\nQTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.5.4: Media Streaming add-on 500.0.0.3  ( 2021/08/20 ) and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later\nQTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later\nQuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-44",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34362",
        "datePublished": "2021-10-22T04:25:09.871Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:17:27.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36195 (GCVE-0-2020-36195)

    Vulnerability from cvelistv5 – Published: 2021-04-17 03:50 – Updated: 2024-09-16 17:28
    VLAI
    Title
    SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On
    Summary
    An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-89 - SQL Injection
    • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QTS Affected: unspecified , < 4.3.3.1624 Build 20210416 (custom)
    Affected: unspecified , < 4.3.6.1620 Build 20210322 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Media Streaming add-on Affected: unspecified , < 430.1.8.10 (custom)
    Affected: unspecified , < 430.1.8.8 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Multimedia Console Affected: unspecified , < 1.3.4 (custom)
    Create a notification for this product.
    Date Public
    2021-04-16 00:00
    Credits
    Yaniv Puyeski
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "4.3.3.1624 Build 20210416",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.6.1620 Build 20210322",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Media Streaming add-on",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "430.1.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "430.1.8.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Multimedia Console",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Yaniv Puyeski"
            }
          ],
          "datePublic": "2021-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-943",
                  "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-17T03:50:13.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.\n\nQTS 4.3.3: Media Streaming add-on 430.1.8.10 and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.8 and later\nQTS 4.4.x and later: Multimedia Console 1.3.4 and later\n\nWe have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:\n\nQTS 4.3.3.1624 Build 20210416 or later\nQTS 4.3.6.1620 Build 20210322 or later"
            }
          ],
          "source": {
            "advisory": "QSA-21-11",
            "discovery": "EXTERNAL"
          },
          "title": "SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-04-16T03:33:00.000Z",
              "ID": "CVE-2020-36195",
              "STATE": "PUBLIC",
              "TITLE": "SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QTS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.3.1624 Build 20210416"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.6.1620 Build 20210322"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Media Streaming add-on",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.10"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "430.1.8.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Multimedia Console",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Yaniv Puyeski"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-11",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.\n\nQTS 4.3.3: Media Streaming add-on 430.1.8.10 and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.8 and later\nQTS 4.4.x and later: Multimedia Console 1.3.4 and later\n\nWe have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:\n\nQTS 4.3.3.1624 Build 20210416 or later\nQTS 4.3.6.1620 Build 20210322 or later"
              }
            ],
            "source": {
              "advisory": "QSA-21-11",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2020-36195",
        "datePublished": "2021-04-17T03:50:13.274Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:28:07.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }