
    9 vulnerabilities found for Music Station by Qnap

    VAR-202011-1206

    Vulnerability from variot - Updated: 2024-11-23 23:01

    If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11 (the affected_products data below appears to express these as per-branch ranges: below 5.1.13, 5.2.0 up to but excluding 5.2.9, and 5.3.0 up to but excluding 5.3.11). QNAP Music Station contains OS command injection and command injection vulnerabilities. Information may be obtained or tampered with, and service may be disrupted (DoS). QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems.

    The UserName of the Music Station that uses the file upload function of QNAP Systems TS-870 with firmware version 4.3.4.0486 has a command injection vulnerability


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1206",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.2.9"
          },
          {
            "model": "music station",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.3.0"
          },
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.3.11"
          },
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.1.13"
          },
          {
            "model": "music station",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.2.0"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.3.11"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": null
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.2.9"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.1.13"
          },
          {
            "model": "systems ts-870",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "qnap",
            "version": "4.3.4.0486"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rick Ramgattie,Shaun Mirani, Joshua Meyer, and Ian Sindermann",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-19950",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19950",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-62934",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19950",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19950",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19950",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19950",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-62934",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201909-926",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19950",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19950"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. QNAP Music Station Has OS There are command injection vulnerabilities and command injection vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. \n\r\n\r\nThe UserName of the Music Station that uses the file upload function of QNAP Systems TS-870 with firmware version 4.3.4.0486 has a command injection vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19950"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19950"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19950",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19950",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19950"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "id": "VAR-202011-1206",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:11.826000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "QSA-20-10",
            "trust": 0.8,
            "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19950"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19950"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19950"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "date": "2020-11-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19950"
          },
          {
            "date": "2021-05-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "date": "2019-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          },
          {
            "date": "2020-11-02T16:15:13.020000",
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-62934"
          },
          {
            "date": "2020-11-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19950"
          },
          {
            "date": "2021-05-31T07:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          },
          {
            "date": "2020-11-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          },
          {
            "date": "2024-11-21T03:58:52.370000",
            "db": "NVD",
            "id": "CVE-2018-19950"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "QNAP\u00a0Music\u00a0Station\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016514"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-926"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202011-1207

    Vulnerability from variot - Updated: 2024-11-23 22:20

    If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11 (the affected_products data below appears to express these as per-branch ranges: below 5.1.13, 5.2.0 up to but excluding 5.2.9, and 5.3.0 up to but excluding 5.3.11). A cross-site scripting vulnerability exists in Music Station. Information may be obtained and tampered with. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The vulnerability stems from a lack of proper validation of client-supplied data in the web application. An attacker can use this vulnerability to execute client-side code.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1207",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.2.9"
          },
          {
            "model": "music station",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.3.0"
          },
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.3.11"
          },
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.1.13"
          },
          {
            "model": "music station",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.2.0"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.1.13"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.2.9"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.3.11"
          },
          {
            "model": "systems ts-870",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "qnap",
            "version": "4.3.4.0486"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:qnap:music_station",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rick Ramgattie,Shaun Mirani, Joshua Meyer, and Ian Sindermann",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-19951",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-19951",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016470",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-62933",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-19951",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016470",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19951",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2018-016470",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-62933",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201909-925",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19951",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Music Station contains a cross-site scripting vulnerability. Information may be obtained and tampered with. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The vulnerability stems from the web application's failure to correctly validate client-supplied data. An attacker can use this vulnerability to execute client-side code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19951"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19951",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19951",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "id": "VAR-202011-1207",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:20:59.617000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "QSA-20-10",
            "trust": 0.8,
            "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2018-19951 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-19951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-80",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19951"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19951"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2018-19951"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "date": "2020-11-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19951"
          },
          {
            "date": "2020-11-30T06:10:21",
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "date": "2019-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          },
          {
            "date": "2020-11-02T16:15:13.100000",
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "date": "2022-11-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19951"
          },
          {
            "date": "2020-11-30T06:10:21",
            "db": "JVNDB",
            "id": "JVNDB-2018-016470"
          },
          {
            "date": "2020-11-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          },
          {
            "date": "2024-11-21T03:58:52.500000",
            "db": "NVD",
            "id": "CVE-2018-19951"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "QNAP Systems TS-870 cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-925"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202011-1202

    Vulnerability from variot - Updated: 2024-11-23 21:35

    If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects QNAP Systems Inc. Music Station versions prior to 5.1.13, 5.2.x versions prior to 5.2.9, and 5.3.x versions prior to 5.3.11. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems.

    A security vulnerability exists in QNAP Systems TS-870 devices running firmware version 4.3.4.0486. An attacker can exploit this vulnerability to use LIMIT and retrieve data.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1202",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.2.9"
          },
          {
            "model": "music station",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.3.0"
          },
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.3.11"
          },
          {
            "model": "music station",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.1.13"
          },
          {
            "model": "music station",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "5.2.0"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.3.11"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": null
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.1.13"
          },
          {
            "model": "music station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "5.2.9"
          },
          {
            "model": "systems ts-870",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "qnap",
            "version": "4.3.4.0486"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rick Ramgattie,Shaun Mirani, Joshua Meyer, and Ian Sindermann",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-19952",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19952",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-62932",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19952",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19952",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19952",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19952",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-62932",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201909-923",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19952",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. \n\r\n\r\nA security vulnerability exists in QNAP Systems TS-870 using firmware version 4.3.4.0486. An attacker can use this vulnerability to use LIMIT and retrieve data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19952"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19952",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19952",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "id": "VAR-202011-1202",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:07.710000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "QSA-20-10",
            "trust": 0.8,
            "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-80",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-89",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-943",
            "trust": 1.0
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19952"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "date": "2020-11-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19952"
          },
          {
            "date": "2021-06-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "date": "2019-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          },
          {
            "date": "2020-11-02T16:15:13.193000",
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "date": "2020-11-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19952"
          },
          {
            "date": "2021-06-04T07:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012822"
          },
          {
            "date": "2020-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          },
          {
            "date": "2024-11-21T03:58:52.637000",
            "db": "NVD",
            "id": "CVE-2018-19952"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "QNAP Systems TS-870 SQL injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-62932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-923"
          }
        ],
        "trust": 0.6
      }
    }

    CERTFR-2024-AVI-0752

    Vulnerability from certfr_avis - Published: 2024-09-09 - Updated: 2025-01-21

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    | Vendor | Product | Description |
    |---|---|---|
    | Qnap | QuTS hero | QuTS hero versions h4.5.x antérieures à h4.5.4.2790 build 20240606 |
    | Qnap | QTS | QTS versions 4.3.4 antérieures à 4.3.4.2814 build 20240618 |
    | Qnap | Download Station | Download Station versions 5.8.x antérieures à 5.8.6.283 |
    | Qnap | QTS | QTS versions 4.3.3 antérieures à 4.3.3.2784 build 20240619 |
    | Qnap | QuMagie | QuMagie versions 2.3.x antérieures à 2.3.1 |
    | Qnap | QTS | QTS versions 4.2.6 antérieures à 4.2.6 build 20240618 |
    | Qnap | QTS | QTS versions 4.3.6 antérieures à 4.3.6.2805 build 20240619 |
    | Qnap | Helpdesk | Helpdesk versions 3.3.x antérieures à 3.3.1 |
    | Qnap | Notes Station | Notes Station 3 versions 3.9.x antérieures à 3.9.6 |
    | Qnap | QTS | QTS versions 5.1.x antérieures à 5.2.0.2782 build 20240601 |
    | Qnap | QuTS hero | QuTS hero versions h4.5.x antérieures à h4.5.4.2626 build 20231225 |
    | Qnap | QuTS hero | QuTS hero versions h5.1.x antérieures à h5.2.0.2782 build 20240601 |
    | Qnap | Music Station | Music Station versions 5.4.x antérieures à 5.4.0 |
    | Qnap | Video Station | Video Station versions 5.8.x antérieures à 5.8.2 |
    | Qnap | QTS | QTS versions 4.5.x antérieures à 4.5.4.2790 build 20240605 |
    | Qnap | QuLog Center | QuLog Center versions 1.7.x.x antérieures à 1.7.0.827 |
    | Qnap | QuLog Center | QuLog Center versions 1.8.x.x antérieures à 1.8.0.872 |
    | Qnap | QVR | QVR Smart Client versions 2.4.x.x antérieures à 2.4.0.0570 |
    References
    Bulletin de sécurité Qnap QSA-24-24 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-26 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-34 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-30 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-21 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-27 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-29 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-28 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-32 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-25 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-33 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-22 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-35 2024-09-07 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2790 build 20240606",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.3.4 ant\u00e9rieures \u00e0 4.3.4.2814 build 20240618",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Download Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.6.283",
          "product": {
            "name": "Download Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.3.3 ant\u00e9rieures \u00e0 4.3.3.2784 build 20240619",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuMagie versions 2.3.x ant\u00e9rieures \u00e0 2.3.1",
          "product": {
            "name": "QuMagie",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.2.6 ant\u00e9rieures \u00e0 4.2.6 build 20240618",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.3.6 ant\u00e9rieures \u00e0 4.3.6.2805 build 20240619",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Helpdesk versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
          "product": {
            "name": "Helpdesk",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notes Station 3 versions 3.9.x ant\u00e9rieures \u00e0 3.9.6",
          "product": {
            "name": "Notes Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.2.0.2782 build 20240601",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.2.0.2782 build 20240601",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Music Station versions 5.4.x ant\u00e9rieures \u00e0 5.4.0",
          "product": {
            "name": "Music Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Video Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.2",
          "product": {
            "name": "Video Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2790 build 20240605",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.7.x.x ant\u00e9rieures \u00e0 1.7.0.827",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.8.x.x ant\u00e9rieures \u00e0 1.8.0.872",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QVR Smart Client versions 2.4.x.x ant\u00e9rieures \u00e0 2.4.0.0570",
          "product": {
            "name": "QVR",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2022-27592",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27592"
        },
        {
          "name": "CVE-2023-50360",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50360"
        },
        {
          "name": "CVE-2024-32762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32762"
        },
        {
          "name": "CVE-2024-21906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21906"
        },
        {
          "name": "CVE-2024-38640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38640"
        },
        {
          "name": "CVE-2024-53691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53691"
        },
        {
          "name": "CVE-2023-34974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34974"
        },
        {
          "name": "CVE-2024-27125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27125"
        },
        {
          "name": "CVE-2024-32763",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32763"
        },
        {
          "name": "CVE-2024-27126",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27126"
        },
        {
          "name": "CVE-2023-47563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47563"
        },
        {
          "name": "CVE-2024-38641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38641"
        },
        {
          "name": "CVE-2024-38642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38642"
        },
        {
          "name": "CVE-2023-34979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34979"
        },
        {
          "name": "CVE-2023-39298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39298"
        },
        {
          "name": "CVE-2023-39300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39300"
        },
        {
          "name": "CVE-2023-45038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45038"
        },
        {
          "name": "CVE-2024-32771",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32771"
        },
        {
          "name": "CVE-2023-38545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
        },
        {
          "name": "CVE-2024-27122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27122"
        }
      ],
      "initial_release_date": "2024-09-09T00:00:00",
      "last_revision_date": "2025-01-21T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0752",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-09-09T00:00:00.000000"
        },
        {
          "description": "Ajout de l\u0027identifiant CVE-2024-53691.",
          "revision_date": "2025-01-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-24",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-24"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-26",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-26"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-34",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-34"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-30",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-30"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-21",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-21"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-27",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-27"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-29",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-29"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-28",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-28"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-32",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-32"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-25",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-25"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-33",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-33"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-22",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-22"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-35",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-35"
        }
      ]
    }

    CERTFR-2023-AVI-0915

    Vulnerability from certfr_avis - Published: 2023-11-06 - Updated: 2023-11-06

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    | Vendor | Product | Description |
    |---|---|---|
    | Qnap | Music Station | QNAP Music Station versions 5.1.x antérieures à 5.1.16 |
    | Qnap | QuTS hero | QNAP QuTS hero versions h4.5.x antérieures à h4.5.4.2374 build 20230417 |
    | Qnap | QTS | QNAP QTS versions 5.0.x antérieures à 5.0.1.2514 build 20230906 |
    | Qnap | QTS | QNAP QTS versions 4.2.x antérieures à 4.2.6 build 20230621 |
    | Qnap | QTS | QNAP QTS versions 4.3.3.x antérieures à 4.3.3.2420 build 20230621 |
    | Qnap | QTS | QNAP QTS versions 4.5.x antérieures à 4.5.4.2374 build 20230416 |
    | Qnap | N/A | QNAP QuTScloud versions c5.x antérieures à c5.1.0.2498 |
    | Qnap | N/A | QNAP Media Streaming add-on versions 500.0.x antérieures à 500.0.0.11 |
    | Qnap | N/A | QNAP Multimedia Console versions 2.1.x antérieures à 2.1.2 |
    | Qnap | N/A | QNAP Media Streaming add-on versions 500.1.x antérieures à 500.1.1.2 |
    | Qnap | Music Station | QNAP Music Station versions 5.3.x antérieures à 5.3.23 |
    | Qnap | N/A | QNAP Multimedia Console versions 1.4.x antérieures à 1.4.8 |
    | Qnap | QuTS hero | QNAP QuTS hero versions h5.0.x antérieures à h5.0.1.2515 build 20230907 |
    | Qnap | QTS | QNAP QTS versions 5.1.x antérieures à 5.1.1.2491 build 20230815 |
    | Qnap | Music Station | QNAP Music Station versions 4.8.x antérieures à 4.8.11 |
    | Qnap | QuTS hero | QNAP QuTS hero versions h5.1.x antérieures à h5.1.1.2488 build 20230812 |
    | Qnap | QTS | QNAP QTS versions 4.3.6.x antérieures à 4.3.6.2441 build 20230621 |
    | Qnap | QTS | QNAP QTS versions 4.3.4.x antérieures à 4.3.4.2451 build 20230621 |


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QNAP Music Station versions 5.1.x ant\u00e9rieures \u00e0 5.1.16",
          "product": {
            "name": "Music Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2374 build 20230417",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QTS versions 5.0.x ant\u00e9rieures \u00e0 5.0.1.2514 build 20230906",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QTS versions 4.2.x ant\u00e9rieures \u00e0 4.2.6 build 20230621",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QTS versions 4.3.3.x ant\u00e9rieures \u00e0 4.3.3.2420 build 20230621",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2374 build 20230416",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.0.2498",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP Media Streaming add-on versions 500.0.x ant\u00e9rieures \u00e0 500.0.0.11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP Multimedia Console versions 2.1.x ant\u00e9rieures \u00e0 2.1.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP Music Station versions 5.3.x ant\u00e9rieures \u00e0 5.3.23",
          "product": {
            "name": "Music Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP Multimedia Console versions 1.4.x ant\u00e9rieures \u00e0 1.4.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QuTS hero versions h5.0.x ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.1.2491 build 20230815",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP Music Station versions 4.8.x ant\u00e9rieures \u00e0 4.8.11",
          "product": {
            "name": "Music Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.1.2488 build 20230812",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QTS versions 4.3.6.x ant\u00e9rieures \u00e0 4.3.6.2441 build 20230621",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP QTS versions 4.3.4.x ant\u00e9rieures \u00e0 4.3.4.2451 build 20230621",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-39299",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39299"
        },
        {
          "name": "CVE-2023-39301",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39301"
        },
        {
          "name": "CVE-2023-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23368"
        },
        {
          "name": "CVE-2023-23369",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23369"
        }
      ],
      "initial_release_date": "2023-11-06T00:00:00",
      "last_revision_date": "2023-11-06T00:00:00",
      "links": [],
      "reference": "CERTFR-2023-AVI-0915",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-11-06T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-31 du 04 novembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-31"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-61 du 04 novembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-61"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-51 du 04 novembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-51"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-35 du 04 novembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-35"
        }
      ]
    }

    CERTFR-2023-AVI-0815

    Vulnerability from certfr_avis - Published: 2023-10-09 - Updated: 2023-10-09

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    | Vendor | Product | Description |
    |---|---|---|
    | Qnap | N/A | QVPN Windows 2.1.x versions antérieures à 2.1.0.0518 |
    | Qnap | QuTS hero | QuTS hero h5.0.x versions antérieures à h5.0.1.2515 build 20230907 |
    | Qnap | N/A | QuTScloud c5.x versions antérieures à c5.1.0.2498 |
    | Qnap | QTS | QTS 5.0.x versions antérieures à 5.0.1.2425 build 20230609 |
    | Qnap | QTS | QTS 4.5.x versions antérieures à 4.5.4.2467 build 20230718 |
    | Qnap | QuTS hero | QuTS hero h5.1.x versions antérieures à h5.1.0.2424 build 20230609 |
    | Qnap | QuTS hero | QuTS hero h4.5.x versions antérieures à h4.5.4.2476 build 20230728 |
    | Qnap | Music Station | Qnap Music Station versions 5.3.x antérieures à 5.3.22 |
    | Qnap | N/A | QVPN Windows 2.2.x versions antérieures à 2.2.0.0823 |
    | Qnap | QTS | QTS 5.1.x versions antérieures à 5.1.0.2444 build 20230629 |


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QVPN Windows 2.1.x versions ant\u00e9rieures \u00e0 2.1.0.0518",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero h5.0.x versions ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTScloud c5.x versions ant\u00e9rieures \u00e0 c5.1.0.2498",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS 5.0.x versions ant\u00e9rieures \u00e0 5.0.1.2425 build 20230609",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS 4.5.x versions ant\u00e9rieures \u00e0 4.5.4.2467 build 20230718",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 h5.1.0.2424 build 20230609",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 h4.5.4.2476 build 20230728",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Qnap Music Station versions 5.3.x ant\u00e9rieures \u00e0 5.3.22",
          "product": {
            "name": "Music Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QVPN Windows 2.2.x versions ant\u00e9rieures \u00e0 2.2.0.0823",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 5.1.0.2444 build 20230629",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-20052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20052"
        },
        {
          "name": "CVE-2023-32972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32972"
        },
        {
          "name": "CVE-2023-23366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23366"
        },
        {
          "name": "CVE-2023-23365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23365"
        },
        {
          "name": "CVE-2023-23370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23370"
        },
        {
          "name": "CVE-2023-32971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32971"
        },
        {
          "name": "CVE-2023-20032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20032"
        },
        {
          "name": "CVE-2023-23371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23371"
        }
      ],
      "initial_release_date": "2023-10-09T00:00:00",
      "last_revision_date": "2023-10-09T00:00:00",
      "links": [],
      "reference": "CERTFR-2023-AVI-0815",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-10-09T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-26 du 07 octobre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-26"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-39 du 07 octobre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-39"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-36 du 07 octobre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-36"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-28 du 07 octobre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-28"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-37 du 07 octobre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-37"
        }
      ]
    }

    CERTFR-2021-AVI-379

    Vulnerability from certfr_avis - Published: 2021-05-14 - Updated: 2021-05-14

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Qnap Music Station QuTScloud c4.5.4: Music Station versions antérieures à 5.3.16
    Qnap QTS QTS 4.4.x: Malware Remover versions antérieures à 4.6.1.0
    Qnap N/A QTS 4.3.3: Music Station versions antérieures à 5.1.14
    Qnap N/A QuTS hero h4.5.2: Music Station versions antérieures à 5.3.16
    Qnap N/A QTS 4.5.2: Music Station versions antérieures à 5.3.16
    Qnap N/A QTS 4.3.6: Music Station versions antérieures à 5.2.10
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QuTScloud c4.5.4: Music Station versions ant\u00e9rieures \u00e0 5.3.16",
          "product": {
            "name": "Music Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS 4.4.x: Malware Remover versions ant\u00e9rieures \u00e0 4.6.1.0",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS 4.3.3: Music Station versions ant\u00e9rieures \u00e0 5.1.14",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero h4.5.2: Music Station versions ant\u00e9rieures \u00e0 5.3.16",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS 4.5.2: Music Station versions ant\u00e9rieures \u00e0 5.3.16",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS 4.3.6: Music Station versions ant\u00e9rieures \u00e0 5.2.10",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2020-36198",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36198"
        },
        {
          "name": "CVE-2020-36197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36197"
        }
      ],
      "initial_release_date": "2021-05-14T00:00:00",
      "last_revision_date": "2021-05-14T00:00:00",
      "links": [],
      "reference": "CERTFR-2021-AVI-379",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-05-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-21-08 du 06 mai 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-08"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-21-16 du 13 mai 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-16"
        }
      ]
    }

    CVE-2018-0718 (GCVE-0-2018-0718)

    Vulnerability from cvelistv5 – Published: 2018-09-14 13:00 – Updated: 2024-09-16 20:12
    Summary
    Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Music Station Affected: 5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4
    Date Public
    2018-09-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Station",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-14T12:57:02.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-09-14T00:00:00",
              "ID": "CVE-2018-0718",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Station",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0718",
        "datePublished": "2018-09-14T13:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:02.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0718 (GCVE-0-2018-0718)

    Vulnerability from nvd – Published: 2018-09-14 13:00 – Updated: 2024-09-16 20:12
    Summary
    Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Music Station Affected: 5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4
    Date Public
    2018-09-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Station",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-14T12:57:02.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-09-14T00:00:00",
              "ID": "CVE-2018-0718",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Station",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0718",
        "datePublished": "2018-09-14T13:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:02.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }