All the vulnerabilites related to qnap - media_streaming_add-on
cve-2023-23369
Vulnerability from cvelistv5
Published
2023-11-03 16:34
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | Multimedia Console |
Version: 2.1.x < 2.1.2 ( 2023/05/04 ) Version: 1.4.x < 1.4.8 ( 2023/05/05 ) |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Multimedia Console",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.1.2 ( 2023/05/04 )",
"status": "affected",
"version": "2.1.x",
"versionType": "custom"
},
{
"lessThan": "1.4.8 ( 2023/05/05 )",
"status": "affected",
"version": "1.4.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.0.2399 build 20230515",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"lessThan": "4.3.6.2441 build 20230621",
"status": "affected",
"version": "4.3.6",
"versionType": "custom"
},
{
"lessThan": "4.3.4.2451 build 20230621",
"status": "affected",
"version": "4.3.4",
"versionType": "custom"
},
{
"lessThan": "4.3.3.2420 build 20230621",
"status": "affected",
"version": "4.3.3",
"versionType": "custom"
},
{
"lessThan": "4.2.6 build 20230621",
"status": "affected",
"version": "4.2.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "500.1.1.2 ( 2023/06/12 )",
"status": "affected",
"version": "500.1.x",
"versionType": "custom"
},
{
"lessThan": "500.0.0.11 ( 2023/06/16 )",
"status": "affected",
"version": "500.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Eqqie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eMultimedia Console 2.1.2 ( 2023/05/04 ) and later\u003cbr\u003eMultimedia Console 1.4.8 ( 2023/05/05 ) and later\u003cbr\u003eQTS 5.1.0.2399 build 20230515 and later\u003cbr\u003eQTS 4.3.6.2441 build 20230621 and later\u003cbr\u003eQTS 4.3.4.2451 build 20230621 and later\u003cbr\u003eQTS 4.3.3.2420 build 20230621 and later\u003cbr\u003eQTS 4.2.6 build 20230621 and later\u003cbr\u003eMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\u003cbr\u003eMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.2 ( 2023/05/04 ) and later\nMultimedia Console 1.4.8 ( 2023/05/05 ) and later\nQTS 5.1.0.2399 build 20230515 and later\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\nMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T16:34:40.084Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eMultimedia Console 2.1.2 ( 2023/05/04 ) and later\u003cbr\u003eMultimedia Console 1.4.8 ( 2023/05/05 ) and later\u003cbr\u003eQTS 5.1.0.2399 build 20230515 and later\u003cbr\u003eQTS 4.3.6.2441 build 20230621 and later\u003cbr\u003eQTS 4.3.4.2451 build 20230621 and later\u003cbr\u003eQTS 4.3.3.2420 build 20230621 and later\u003cbr\u003eQTS 4.2.6 build 20230621 and later\u003cbr\u003eMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\u003cbr\u003eMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.2 ( 2023/05/04 ) and later\nMultimedia Console 1.4.8 ( 2023/05/05 ) and later\nQTS 5.1.0.2399 build 20230515 and later\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\nMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\n"
}
],
"source": {
"advisory": "QSA-23-35",
"discovery": "EXTERNAL"
},
"title": "QTS, Multimedia Console, and Media Streaming add-on",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-23369",
"datePublished": "2023-11-03T16:34:40.084Z",
"dateReserved": "2023-01-11T20:15:53.086Z",
"dateUpdated": "2024-08-02T10:28:40.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36195
Vulnerability from cvelistv5
Published
2021-04-17 03:50
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-11 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | QTS |
Version: unspecified < 4.3.3.1624 Build 20210416 Version: unspecified < 4.3.6.1620 Build 20210322 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.3.3.1624 Build 20210416",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.6.1620 Build 20210322",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "430.1.8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "430.1.8.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Multimedia Console",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yaniv Puyeski"
}
],
"datePublic": "2021-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-17T03:50:13",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.\n\nQTS 4.3.3: Media Streaming add-on 430.1.8.10 and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.8 and later\nQTS 4.4.x and later: Multimedia Console 1.3.4 and later\n\nWe have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:\n\nQTS 4.3.3.1624 Build 20210416 or later\nQTS 4.3.6.1620 Build 20210322 or later"
}
],
"source": {
"advisory": "QSA-21-11",
"discovery": "EXTERNAL"
},
"title": "SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-04-16T03:33:00.000Z",
"ID": "CVE-2020-36195",
"STATE": "PUBLIC",
"TITLE": "SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.3.1624 Build 20210416"
},
{
"version_affected": "\u003c",
"version_value": "4.3.6.1620 Build 20210322"
}
]
}
},
{
"product_name": "Media Streaming add-on",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "430.1.8.10"
},
{
"version_affected": "\u003c",
"version_value": "430.1.8.8"
}
]
}
},
{
"product_name": "Multimedia Console",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.4"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yaniv Puyeski"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-11",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.\n\nQTS 4.3.3: Media Streaming add-on 430.1.8.10 and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.8 and later\nQTS 4.4.x and later: Multimedia Console 1.3.4 and later\n\nWe have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:\n\nQTS 4.3.3.1624 Build 20210416 or later\nQTS 4.3.6.1620 Build 20210322 or later"
}
],
"source": {
"advisory": "QSA-21-11",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2020-36195",
"datePublished": "2021-04-17T03:50:13.274444Z",
"dateReserved": "2021-01-19T00:00:00",
"dateUpdated": "2024-09-16T17:28:07.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34362
Vulnerability from cvelistv5
Published
2021-10-22 04:25
Modified
2024-09-16 16:17
Severity ?
EPSS score ?
Summary
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-44 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | Media Streaming add-on |
Version: unspecified < 500.0.0.3 ( 2021/08/20 ) |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QuTS-Hero 5.0.0"
],
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "500.0.0.3 ( 2021/08/20 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 5.0.0"
],
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "500.0.0.3 ( 2021/08/20 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.5.4"
],
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "500.0.0.3 ( 2021/08/20 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.6"
],
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "430.1.8.12 ( 2021/08/20 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.3"
],
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "430.1.8.12 ( 2021/09/29 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2021-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T04:25:09",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Media Streaming add-on:\nQTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later\nQTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later\nQuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
}
],
"source": {
"advisory": "QSA-21-44",
"discovery": "EXTERNAL"
},
"title": "Command Injection Vulnerability in Media Streaming Add-on",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-10-21T17:29:00.000Z",
"ID": "CVE-2021-34362",
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability in Media Streaming Add-on"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Media Streaming add-on",
"version": {
"version_data": [
{
"platform": "QuTS-Hero 5.0.0",
"version_affected": "\u003c",
"version_value": "500.0.0.3 ( 2021/08/20 )"
},
{
"platform": "QTS 5.0.0",
"version_affected": "\u003c",
"version_value": "500.0.0.3 ( 2021/08/20 )"
},
{
"platform": "QTS 4.5.4",
"version_affected": "\u003c",
"version_value": "500.0.0.3 ( 2021/08/20 )"
},
{
"platform": "QTS 4.3.6",
"version_affected": "\u003c",
"version_value": "430.1.8.12 ( 2021/08/20 )"
},
{
"platform": "QTS 4.3.3",
"version_affected": "\u003c",
"version_value": "430.1.8.12 ( 2021/09/29 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-44",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Media Streaming add-on:\nQTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later\nQTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later\nQTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later\nQuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
}
],
"source": {
"advisory": "QSA-21-44",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34362",
"datePublished": "2021-10-22T04:25:09.871262Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-16T16:17:27.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7641
Vulnerability from cvelistv5
Published
2018-03-08 14:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | QNAP | QNAP Media Streaming Add-On |
Version: 421.1.0.2, 430.1.2.0, and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QNAP Media Streaming Add-On",
"vendor": "QNAP",
"versions": [
{
"status": "affected",
"version": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-08T13:57:01",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2017-7641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNAP Media Streaming Add-On",
"version": {
"version_data": [
{
"version_value": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2017-7641",
"datePublished": "2018-03-08T14:00:00Z",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-09-17T03:23:51.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7640
Vulnerability from cvelistv5
Published
2018-03-08 14:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | QNAP | QNAP Media Streaming Add-On |
Version: 421.1.0.2, 430.1.2.0, and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:28.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QNAP Media Streaming Add-On",
"vendor": "QNAP",
"versions": [
{
"status": "affected",
"version": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-08T13:57:01",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2017-7640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNAP Media Streaming Add-On",
"version": {
"version_data": [
{
"version_value": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2017-7640",
"datePublished": "2018-03-08T14:00:00Z",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-09-17T01:51:04.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7638
Vulnerability from cvelistv5
Published
2018-03-08 14:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | QNAP | QNAP Media Streaming Add-On |
Version: 421.1.0.2, 430.1.2.0, and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QNAP Media Streaming Add-On",
"vendor": "QNAP",
"versions": [
{
"status": "affected",
"version": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-08T13:57:01",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2017-7638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNAP Media Streaming Add-On",
"version": {
"version_data": [
{
"version_value": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2017-7638",
"datePublished": "2018-03-08T14:00:00Z",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-09-17T02:36:29.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7634
Vulnerability from cvelistv5
Published
2018-03-08 14:00
Modified
2024-09-16 20:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | QNAP | QNAP Media Streaming Add-On |
Version: 421.1.0.2, 430.1.2.0, and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QNAP Media Streaming Add-On",
"vendor": "QNAP",
"versions": [
{
"status": "affected",
"version": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-08T13:57:01",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2017-7634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNAP Media Streaming Add-On",
"version": {
"version_data": [
{
"version_value": "421.1.0.2, 430.1.2.0, and earlier"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2017-7634",
"datePublished": "2018-03-08T14:00:00Z",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-09-16T20:11:44.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-04-17 04:15
Modified
2024-11-21 05:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qts | * | |
| qnap | qts | * | |
| qnap | qts | 4.3.3 | |
| qnap | qts | 4.3.3.0095 | |
| qnap | qts | 4.3.3.0096 | |
| qnap | qts | 4.3.3.0136 | |
| qnap | qts | 4.3.3.0154 | |
| qnap | qts | 4.3.3.0174 | |
| qnap | qts | 4.3.3.0188 | |
| qnap | qts | 4.3.3.0210 | |
| qnap | qts | 4.3.3.0229 | |
| qnap | qts | 4.3.3.0238 | |
| qnap | qts | 4.3.3.0262 | |
| qnap | qts | 4.3.3.0299 | |
| qnap | qts | 4.3.3.0351 | |
| qnap | qts | 4.3.3.0353 | |
| qnap | qts | 4.3.3.0361 | |
| qnap | qts | 4.3.3.0369 | |
| qnap | qts | 4.3.3.0378 | |
| qnap | qts | 4.3.3.0396 | |
| qnap | qts | 4.3.3.0404 | |
| qnap | qts | 4.3.3.0416 | |
| qnap | qts | 4.3.3.0418 | |
| qnap | qts | 4.3.3.0448 | |
| qnap | qts | 4.3.3.0514 | |
| qnap | qts | 4.3.3.0546 | |
| qnap | qts | 4.3.3.0570 | |
| qnap | qts | 4.3.3.0868 | |
| qnap | qts | 4.3.3.0998 | |
| qnap | qts | 4.3.3.1051 | |
| qnap | qts | 4.3.3.1098 | |
| qnap | qts | 4.3.3.1161 | |
| qnap | qts | 4.3.3.1252 | |
| qnap | qts | 4.3.3.1315 | |
| qnap | qts | 4.3.3.1386 | |
| qnap | qts | 4.3.3.1432 | |
| qnap | qts | 4.3.6 | |
| qnap | qts | 4.3.6.0895 | |
| qnap | qts | 4.3.6.0907 | |
| qnap | qts | 4.3.6.0923 | |
| qnap | qts | 4.3.6.0944 | |
| qnap | qts | 4.3.6.0959 | |
| qnap | qts | 4.3.6.0979 | |
| qnap | qts | 4.3.6.0993 | |
| qnap | qts | 4.3.6.1013 | |
| qnap | qts | 4.3.6.1033 | |
| qnap | qts | 4.3.6.1070 | |
| qnap | qts | 4.3.6.1154 | |
| qnap | qts | 4.3.6.1218 | |
| qnap | qts | 4.3.6.1263 | |
| qnap | qts | 4.3.6.1286 | |
| qnap | qts | 4.3.6.1333 | |
| qnap | qts | 4.3.6.1411 | |
| qnap | qts | 4.3.6.1446 | |
| qnap | media_streaming_add-on | * | |
| qnap | qts | 4.3.3 | |
| qnap | media_streaming_add-on | * | |
| qnap | qts | 4.3.6 | |
| qnap | multimedia_console | * | |
| qnap | qts | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49B8CCE7-9635-4E7E-8C06-7928D42EA356",
"versionEndExcluding": "4.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CA5A88-434F-4F66-9374-FF5660D5243E",
"versionEndExcluding": "4.3.6",
"versionStartIncluding": "4.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "D1ADCC83-5D09-4CF6-8C9C-42D440C683F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0096:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C2865-B92A-4BE2-921E-E69731764D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0136:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA27794-77A9-41B6-8A04-83C39D1892F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0154:*:*:*:*:*:*:*",
"matchCriteriaId": "5C30D1E2-AB9E-4E1D-BC7E-A9698CA2E7F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0174:*:*:*:*:*:*:*",
"matchCriteriaId": "DB10F6C0-7CB4-49D2-A1F7-9F3387CD1271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0188:*:*:*:*:*:*:*",
"matchCriteriaId": "4432295E-DDDE-49E6-AA5F-2B2D9749F5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0210:*:*:*:*:*:*:*",
"matchCriteriaId": "10A901AA-1A4E-4EB0-9CD2-8C377CDFB62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0229:*:*:*:*:*:*:*",
"matchCriteriaId": "E593CFA0-ABF0-4FF6-B2DE-735D68B2DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0238:*:*:*:*:*:*:*",
"matchCriteriaId": "60E989F4-5B0F-4F20-A722-5F2E299BAF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0262:*:*:*:*:*:*:*",
"matchCriteriaId": "A91C3567-D5D0-476C-B90A-E1D10DC7F6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0299:*:*:*:*:*:*:*",
"matchCriteriaId": "5A37D998-D055-4FC6-98A9-FD59A9B7C199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0351:*:*:*:*:*:*:*",
"matchCriteriaId": "8D849947-2C72-4665-A32F-3E3167B44FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0353:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DE1F84-922B-4286-B250-0A882822B15F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0361:*:*:*:*:*:*:*",
"matchCriteriaId": "3F112598-8DE0-4267-89ED-2501041EBCD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0369:*:*:*:*:*:*:*",
"matchCriteriaId": "EB01E995-E8D2-4F16-B307-A436162E5E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0378:*:*:*:*:*:*:*",
"matchCriteriaId": "557915A4-6894-454B-A8D8-4897A12FB290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0396:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C12ADD-6091-4F55-A30C-48E54F07CFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0404:*:*:*:*:*:*:*",
"matchCriteriaId": "6034AF2C-BA1E-41E7-B0F5-191A6DCB7334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0416:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58E847-25D1-48AA-94CB-B4B15B2ACB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0418:*:*:*:*:*:*:*",
"matchCriteriaId": "A8C4062F-D82B-4193-B225-F5AFC13A16E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0448:*:*:*:*:*:*:*",
"matchCriteriaId": "4F46D76D-230D-41AC-B100-0B62B8404378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0514:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AA78A4-00D2-4168-8B48-0A23DD8B3C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0546:*:*:*:*:*:*:*",
"matchCriteriaId": "4BAA1736-2B5E-4F7B-9DC0-065CF4EF9A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0570:*:*:*:*:*:*:*",
"matchCriteriaId": "BE14B09E-69EE-479C-B523-D77C36A9D0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0868:*:*:*:*:*:*:*",
"matchCriteriaId": "1931A1D6-C1E6-410A-9F9E-9FD949D42C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0998:*:*:*:*:*:*:*",
"matchCriteriaId": "77FFA90F-FDFA-4B73-960F-BEE7A92DB6BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1051:*:*:*:*:*:*:*",
"matchCriteriaId": "491E9EA6-45FC-4D65-9C4E-AB62095DC861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1098:*:*:*:*:*:*:*",
"matchCriteriaId": "264B823B-E086-464E-A740-68BFB0AB8650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1161:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675D7E-1332-445B-BE5A-0506E765E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1252:*:*:*:*:*:*:*",
"matchCriteriaId": "DC246E80-7A88-4D91-989B-2922C70B1378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1315:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D69E0D-84C1-4988-9D73-2D3F511748D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1386:*:*:*:*:*:*:*",
"matchCriteriaId": "6F583384-38B8-4BB8-A957-BC6DBC145AEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1432:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D05B71-CAF6-416F-BF92-AB4934474F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "A0E214BD-DC96-4B53-9BE7-8DD8F79B4542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0895:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AB2488-4D3D-494B-9C93-1AA3C7964644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0907:*:*:*:*:*:*:*",
"matchCriteriaId": "6C24D008-D055-4A2C-88D4-85FB6DC45EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0923:*:*:*:*:*:*:*",
"matchCriteriaId": "B64D1A6D-D306-46B8-B345-3D9C38544761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0944:*:*:*:*:*:*:*",
"matchCriteriaId": "067C0A13-525C-4376-A6CC-0B86F7F92670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0959:*:*:*:*:*:*:*",
"matchCriteriaId": "4BAE62E0-5FA0-4B9F-ACCA-9C8C70AC1F2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0979:*:*:*:*:*:*:*",
"matchCriteriaId": "B6023A8C-77A8-4B79-ACC6-872E98CA0D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0993:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA72D06-4FE1-4DC3-A96B-2975A4A9AF84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1013:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD59BCF-E119-4910-90CE-DCA212D146F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1033:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F01168-A599-480D-BEB1-FA0195B696E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1070:*:*:*:*:*:*:*",
"matchCriteriaId": "732218C9-0DD1-4153-BBC4-F9B8DDE03456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1154:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE80D8E-69F2-4AEB-85E1-1B4E64234A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1218:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC2FD13-427C-465C-A829-44224537B6D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1263:*:*:*:*:*:*:*",
"matchCriteriaId": "15182D24-932E-4CC1-A791-DDFCF8B88C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1286:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7B2F4D-4FB2-4DC2-AE97-C6F3081A9A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1333:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB3E4B8-CF05-4EE2-A0DD-53FD50145893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1411:*:*:*:*:*:*:*",
"matchCriteriaId": "45C0ADAF-C42E-44EC-96B9-A8EA33AAB67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1446:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A24254-768F-4538-9DD8-26DCDEECF7CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEE9529-C81D-4EC1-A68D-324B2439546C",
"versionEndExcluding": "430.1.8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A76370-2638-4C00-A0BB-42EAC33D2293",
"versionEndExcluding": "430.1.8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9FAC96-AA2A-4CA5-A170-8C0E6BD47391",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D0A81-501F-4ED6-895A-193B0D93217D",
"versionEndExcluding": "1.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CDD34B-E2E5-40AB-B6BE-C90B65BE7BF1",
"versionStartIncluding": "4.4.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later"
},
{
"lang": "es",
"value": "Se ha reportado de una vulnerabilidad de inyecci\u00f3n SQL que afecta al NAS de QNAP que ejecuta Multimedia Console o el add-on Media Streaming. Si se explota, la vulnerabilidad permite a atacantes remotos obtener informaci\u00f3n de la aplicaci\u00f3n.\u0026#xa0;QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Multimedia Console y el add-on Media Streaming. QTS versi\u00f3n 4.3.3: add-on Media Streaming versiones 430.1.8.10 y posteriores. QTS versi\u00f3n 4.3.6: add-on Media Streaming versiones 430.1.8.8 y posteriores. QTS versiones 4.4.x y posteriores. Multimedia Console versiones 1.3.4 y posteriores. Tambi\u00e9n hemos corregido esta vulnerabilidad en las siguientes versiones de QTS 4.3.3 y QTS 4.3.6, respectivamente: QTS versi\u00f3n 4.3.3.1624 Build 20210416 o posteriores. QTS versiones 4.3.6.1620 Build 20210322 o posteriores"
}
],
"id": "CVE-2020-36195",
"lastModified": "2024-11-21T05:28:59.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-17T04:15:11.610",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-11"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-89"
},
{
"lang": "en",
"value": "CWE-943"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-08 14:29
Modified
2024-11-21 03:32
Severity ?
Summary
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | media_streaming_add-on | * | |
| qnap | qts | 4.3.3 | |
| qnap | media_streaming_add-on | * | |
| qnap | qts | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3F2E18-39EA-416E-8351-88D492F10423",
"versionEndIncluding": "430.1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12C164C9-CD35-48D5-9856-0CEC646E63C6",
"versionEndIncluding": "421.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939BC735-3214-4222-91A7-F24A8B66B218",
"versionEndIncluding": "4.2.6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS."
},
{
"lang": "es",
"value": "El add-on Media Streaming de la aplicaci\u00f3n NAS de QNAP en versiones 421.1.0.2, 430.1.2.0 y anteriores no autentica las peticiones correctamente. Su explotaci\u00f3n exitosa podr\u00eda provocar que se cambie la configuraci\u00f3n de Media Streaming y que se fugue informaci\u00f3n sensible del NAS de QNAP."
}
],
"id": "CVE-2017-7638",
"lastModified": "2024-11-21T03:32:20.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-08T14:29:00.410",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-08 14:29
Modified
2024-11-21 03:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | media_streaming_add-on | * | |
| qnap | qts | 4.3.3 | |
| qnap | media_streaming_add-on | * | |
| qnap | qts | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3F2E18-39EA-416E-8351-88D492F10423",
"versionEndIncluding": "430.1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12C164C9-CD35-48D5-9856-0CEC646E63C6",
"versionEndIncluding": "421.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939BC735-3214-4222-91A7-F24A8B66B218",
"versionEndIncluding": "4.2.6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en el add-on Media Streaming de la aplicaci\u00f3n NAS de QNAP, en versiones 421.1.0.2, 430.1.2.0 y anteriores, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios. El c\u00f3digo inyectado s\u00f3lo se activar\u00e1 mediante un enlace manipulado, no en la p\u00e1gina normal."
}
],
"id": "CVE-2017-7634",
"lastModified": "2024-11-21T03:32:20.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-08T14:29:00.350",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-08 14:29
Modified
2024-11-21 03:32
Severity ?
Summary
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | media_streaming_add-on | * | |
| qnap | qts | 4.3.3 | |
| qnap | media_streaming_add-on | * | |
| qnap | qts | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3F2E18-39EA-416E-8351-88D492F10423",
"versionEndIncluding": "430.1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12C164C9-CD35-48D5-9856-0CEC646E63C6",
"versionEndIncluding": "421.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939BC735-3214-4222-91A7-F24A8B66B218",
"versionEndIncluding": "4.2.6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges."
},
{
"lang": "es",
"value": "El add-on Media Streaming de la aplicaci\u00f3n NAS de QNAP en versiones 421.1.0.2, 430.1.2.0 y anteriores permite que los atacantes remotos ejecuten comandos arbitrarios del sistema operativo contra el sistema con privilegios root."
}
],
"id": "CVE-2017-7640",
"lastModified": "2024-11-21T03:32:21.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-08T14:29:00.473",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-08 14:29
Modified
2024-11-21 03:32
Severity ?
Summary
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | media_streaming_add-on | * | |
| qnap | qts | 4.3.3 | |
| qnap | media_streaming_add-on | * | |
| qnap | qts | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3F2E18-39EA-416E-8351-88D492F10423",
"versionEndIncluding": "430.1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12C164C9-CD35-48D5-9856-0CEC646E63C6",
"versionEndIncluding": "421.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939BC735-3214-4222-91A7-F24A8B66B218",
"versionEndIncluding": "4.2.6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections."
},
{
"lang": "es",
"value": "El add-on Media Streaming de la aplicaci\u00f3n NAS de QNAP en versiones 421.1.0.2, 430.1.2.0 y anteriores no utiliza medidas de seguridad contra CSRF."
}
],
"id": "CVE-2017-7641",
"lastModified": "2024-11-21T03:32:21.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-08T14:29:00.520",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-03 17:15
Modified
2024-11-21 07:46
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qts | 5.1.0.2348 | |
| qnap | qts | 4.3.6.0895 | |
| qnap | qts | 4.3.6.0907 | |
| qnap | qts | 4.3.6.0923 | |
| qnap | qts | 4.3.6.0944 | |
| qnap | qts | 4.3.6.0959 | |
| qnap | qts | 4.3.6.0979 | |
| qnap | qts | 4.3.6.0993 | |
| qnap | qts | 4.3.6.1013 | |
| qnap | qts | 4.3.6.1033 | |
| qnap | qts | 4.3.6.1070 | |
| qnap | qts | 4.3.6.1154 | |
| qnap | qts | 4.3.6.1218 | |
| qnap | qts | 4.3.6.1263 | |
| qnap | qts | 4.3.6.1286 | |
| qnap | qts | 4.3.6.1333 | |
| qnap | qts | 4.3.6.1411 | |
| qnap | qts | 4.3.6.1446 | |
| qnap | qts | 4.3.6.1620 | |
| qnap | qts | 4.3.6.1663 | |
| qnap | qts | 4.3.6.1711 | |
| qnap | qts | 4.3.6.1750 | |
| qnap | qts | 4.3.6.1831 | |
| qnap | qts | 4.3.6.1907 | |
| qnap | qts | 4.3.6.1965 | |
| qnap | qts | 4.3.6.2050 | |
| qnap | qts | 4.3.6.2232 | |
| qnap | qts | 4.3.4.0899 | |
| qnap | qts | 4.3.4.1029 | |
| qnap | qts | 4.3.4.1082 | |
| qnap | qts | 4.3.4.1190 | |
| qnap | qts | 4.3.4.1282 | |
| qnap | qts | 4.3.4.1368 | |
| qnap | qts | 4.3.4.1417 | |
| qnap | qts | 4.3.4.1463 | |
| qnap | qts | 4.3.4.1632 | |
| qnap | qts | 4.3.4.1652 | |
| qnap | qts | 4.3.4.1976 | |
| qnap | qts | 4.3.4.2107 | |
| qnap | qts | 4.3.4.2242 | |
| qnap | qts | 4.3.3.0174 | |
| qnap | qts | 4.3.3.0868 | |
| qnap | qts | 4.3.3.0998 | |
| qnap | qts | 4.3.3.1051 | |
| qnap | qts | 4.3.3.1098 | |
| qnap | qts | 4.3.3.1161 | |
| qnap | qts | 4.3.3.1252 | |
| qnap | qts | 4.3.3.1315 | |
| qnap | qts | 4.3.3.1386 | |
| qnap | qts | 4.3.3.1432 | |
| qnap | qts | 4.3.3.1624 | |
| qnap | qts | 4.3.3.1677 | |
| qnap | qts | 4.3.3.1693 | |
| qnap | qts | 4.3.3.1799 | |
| qnap | qts | 4.3.3.1864 | |
| qnap | qts | 4.3.3.1945 | |
| qnap | qts | 4.3.3.2057 | |
| qnap | qts | 4.3.3.2211 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | qts | 4.2.6 | |
| qnap | multimedia_console | 2.1.0 | |
| qnap | multimedia_console | 2.1.1 | |
| qnap | multimedia_console | 1.4.3 | |
| qnap | multimedia_console | 1.4.4 | |
| qnap | multimedia_console | 1.4.5 | |
| qnap | multimedia_console | 1.4.6 | |
| qnap | multimedia_console | 1.4.7 | |
| qnap | media_streaming_add-on | 500.1.1.0 | |
| qnap | media_streaming_add-on | 500.1.1.1 | |
| qnap | media_streaming_add-on | 500.0.0.0 | |
| qnap | media_streaming_add-on | 500.0.0.1 | |
| qnap | media_streaming_add-on | 500.0.0.3 | |
| qnap | media_streaming_add-on | 500.0.0.4 | |
| qnap | media_streaming_add-on | 500.0.0.5 | |
| qnap | media_streaming_add-on | 500.0.0.6 | |
| qnap | media_streaming_add-on | 500.0.0.7 | |
| qnap | media_streaming_add-on | 500.0.0.8 | |
| qnap | media_streaming_add-on | 500.0.0.9 | |
| qnap | media_streaming_add-on | 500.0.0.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:*",
"matchCriteriaId": "C39B0B5B-93CB-4106-AAA3-00E6E61DDC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:*",
"matchCriteriaId": "1C4725E3-30EE-44C6-9666-889EE2A24E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:*",
"matchCriteriaId": "4217A41D-B8E3-4E42-8583-96A284CA46D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:*",
"matchCriteriaId": "2095D4D4-409D-486A-B389-08645DE2E0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:*",
"matchCriteriaId": "E49E2317-BBB3-4E52-958A-727E51EC93FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:*",
"matchCriteriaId": "E0E448EC-BA27-4271-800A-D7C84958CBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:*",
"matchCriteriaId": "0CF83203-FC41-4EE8-8867-42E8A99C0E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:*",
"matchCriteriaId": "AED6D211-E440-430C-8DB2-AF4DC5B75199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:*",
"matchCriteriaId": "FD0BC5AB-F6D3-4A57-B186-CA683796D879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:*",
"matchCriteriaId": "1400CC6C-2C00-43A5-A39C-7FF7A45B4D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:*",
"matchCriteriaId": "E8F0065B-7CE5-4EFF-899A-100086D71B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:*",
"matchCriteriaId": "63A88B37-B94A-4627-BF0A-69805499F16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:*",
"matchCriteriaId": "F347765F-1C36-41AA-8414-56FEB66F45C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:*",
"matchCriteriaId": "E22A7A54-3FBD-4FF5-842B-20CDEF56EF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:*",
"matchCriteriaId": "40551635-979F-4D0A-B8F2-F640073091E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:*",
"matchCriteriaId": "2D56EDE7-E16F-4EE6-AD88-0901687F2DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:*",
"matchCriteriaId": "D3816896-A891-45AF-BE47-3D2857DAC541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:*",
"matchCriteriaId": "5F01EA3A-CC9B-406E-8643-6054ABE9AD52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:*",
"matchCriteriaId": "D8AA595A-36CA-490F-B6BD-9D896F58FF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:*",
"matchCriteriaId": "2214698A-09DB-40F5-ABDA-55CEB759ACFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:*",
"matchCriteriaId": "232782BB-25D4-4BD1-AAF0-22530CE2C82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:*",
"matchCriteriaId": "B754C198-F85C-401B-995B-D61A73057F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:*",
"matchCriteriaId": "61CAA378-3236-46B4-8A14-092EFF921073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:*",
"matchCriteriaId": "63D954BB-F6C4-4C3A-9E71-F34E53B8E764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:*",
"matchCriteriaId": "E252DEAA-10C0-4A7D-B66A-1C9ABFC042C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:*",
"matchCriteriaId": "B8099233-501E-41E8-BBDA-0F5C6BDC0FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:*",
"matchCriteriaId": "971833DE-934A-4BB5-AA50-E424A3D4EE49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:*",
"matchCriteriaId": "8CF7C63D-18EE-4297-980C-72111832DBA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:*",
"matchCriteriaId": "ED6B6071-8D91-466D-80DB-1620CE9202D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:*",
"matchCriteriaId": "71B9DEEF-D85C-46CE-B0D4-902397B8CD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:*",
"matchCriteriaId": "DB07475A-7C40-450F-85BE-D8A8F7434C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:*",
"matchCriteriaId": "D8A4458A-136F-483D-98D4-43568EC4FC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:*",
"matchCriteriaId": "D26CD586-13C5-4F77-9DC0-3565A3FF7F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:*",
"matchCriteriaId": "6390A450-25B5-41CC-9866-1AC81ECD0DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:*",
"matchCriteriaId": "DD5F45E0-8DE4-4DF0-AF65-DE8149E2B738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:*",
"matchCriteriaId": "CE252780-1A93-4211-91E3-CE46B26EC2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:*",
"matchCriteriaId": "C2103CD3-4E85-4C08-A73C-EE5392682027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:*",
"matchCriteriaId": "E21AE5D2-93C8-49AF-A88D-F8C561B76857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:*",
"matchCriteriaId": "D7268137-D207-4294-9CD1-BA776AE9606E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:*",
"matchCriteriaId": "3686F6D2-9F42-489A-B4FF-9CDF127BD2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:*",
"matchCriteriaId": "08C2B922-0B29-41FA-9FA7-5821713541E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:*",
"matchCriteriaId": "32BFAA90-8807-4D5E-B150-0760F682C6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:*",
"matchCriteriaId": "5F26EEEF-EDCD-4E7F-8F66-FD44B6521663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:*",
"matchCriteriaId": "81652269-F0DB-4350-8DC0-4CC203C1DF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:*",
"matchCriteriaId": "B1DCFEFF-AB18-4B4E-9B99-9DBDC5AF49CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:*",
"matchCriteriaId": "9951A1AF-4B46-4D9D-B6C5-2BCB15BD070C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:*",
"matchCriteriaId": "0AB586D1-CF9F-4C87-B604-6A9DB9657D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:*",
"matchCriteriaId": "6D3650DB-205C-4B13-BDFC-E56172DD4156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:*",
"matchCriteriaId": "ECD41187-A0AF-41E8-A884-E605C6CF7DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:*",
"matchCriteriaId": "DC95BBCC-A0D8-42FB-880F-5155655519C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:*",
"matchCriteriaId": "7D84B904-55E9-414A-9CBC-232EADD08E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:*",
"matchCriteriaId": "1FA8C7BD-C123-484A-8317-37AE1C68D110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:*",
"matchCriteriaId": "C0BAF780-8DD3-4AC4-86CF-A2FD903EA171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:*",
"matchCriteriaId": "F25FEB20-22E9-41B5-B310-21C95D29C604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:*",
"matchCriteriaId": "82EE2EC6-F5EA-4E6A-B24A-C9D5925B4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:*",
"matchCriteriaId": "2C735F47-4409-47E9-B616-31BADC64EB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:*",
"matchCriteriaId": "BEC5C7EC-0055-4D83-B700-6BB571139761",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*",
"matchCriteriaId": "8F523E9F-D101-4C29-A624-74E1F3F8CB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*",
"matchCriteriaId": "1388DBE0-F6BB-44AB-81AC-BFB4E70BE820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*",
"matchCriteriaId": "CF3C4461-C1B6-43A1-BA5E-D6658EFD06EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*",
"matchCriteriaId": "A1F11848-6FED-4D58-A177-36D280C0347C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*",
"matchCriteriaId": "F6259C86-FFDA-40E8-AF0C-33CC8C108DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*",
"matchCriteriaId": "9E01E157-BDF1-4B00-BA9B-6887C0C7DFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*",
"matchCriteriaId": "1D1E5368-9587-4E0A-BB65-D88069CA8490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*",
"matchCriteriaId": "B63CE419-871C-4866-8AB1-4BB6461E1D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*",
"matchCriteriaId": "886A71D1-9615-47A5-B3C2-CBC6F02961A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*",
"matchCriteriaId": "9B7A506C-1F53-4CEC-9828-9327352DE153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*",
"matchCriteriaId": "060D81A5-599A-4329-99C8-D69725C65AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:*",
"matchCriteriaId": "DB41EDDB-E185-4E3F-9497-3826A7955BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:*",
"matchCriteriaId": "86830BEE-D24C-4618-9070-EA968D533096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:*",
"matchCriteriaId": "5FDF9A85-F956-4C2F-80FD-E5D899761A15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5069CEB-730E-4BA5-8EF1-FED10DE1304E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3754C6D8-D289-47FF-B1B4-96261BA6A456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9037AA70-FCE0-4316-957F-704DEEAA62CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF99C83-480B-4A8D-BB22-371232EE18D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33DF65AF-39EC-43C6-BFA2-D7CF2AE40102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5409C90A-2455-4386-A649-B0636F95EE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:multimedia_console:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7FF87C-F9B2-4CB7-9E4D-DFF55CE926E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05506D64-31ED-49A8-9049-B75741B10794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46A09B43-F768-45EA-81FB-44B57997E3C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAE5689-8B88-40AD-8BA0-24A50F6D389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA98BDBD-CCC2-434D-87CB-2B668A6D7BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0346A7-4C30-49DA-ADA9-CE70F8648A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "44A84118-85CD-4B4E-9481-381AAE324FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30E4B17E-48F6-48AA-A7BD-C23F117B1B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54DF0C8A-86B0-4E85-8815-6525F636DDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D40A1321-4ACD-4F8E-B4DE-0FBB31284919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "28ADB5B9-46AB-4511-9FEA-52ABBB7915E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F82FB6AC-3756-4037-911B-6BD65E71DA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "92FF2337-F378-428B-B23D-5836C97625E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.2 ( 2023/05/04 ) and later\nMultimedia Console 1.4.8 ( 2023/05/05 ) and later\nQTS 5.1.0.2399 build 20230515 and later\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later\nMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: Multimedia Console 2.1.2 ( 2023/05/04 ) y posteriores Multimedia Console 1.4.8 ( 2023/05/05 ) y posteriores QTS 5.1.0.2399 build 20230515 y posteriores QTS 4.3.6.2441 build 20230621 y posteriores QTS 4.3.4.2451 build 20230621 y posteriores QTS 4.3.3.2420 build 20230621 y posteriores QTS 4.2.6 build 20230621 y posteriores Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) y posteriores Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) y posteriores"
}
],
"id": "CVE-2023-23369",
"lastModified": "2024-11-21T07:46:02.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T17:15:08.327",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-35"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-22 05:15
Modified
2024-11-21 06:10
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C69F02-28F2-4BCB-A59A-29AB0D7B78B2",
"versionEndExcluding": "500.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4614DB45-E510-42A3-B254-DB8C4A99E907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC98874F-5D92-481D-B4E2-EC548727719C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B0CECE-282E-41F0-B50E-0DC182D6A872",
"versionEndExcluding": "430.1.8.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "B16E7153-5F0F-489A-AA34-4A74CB04225B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "A0E214BD-DC96-4B53-9BE7-8DD8F79B4542",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C69F02-28F2-4BCB-A59A-29AB0D7B78B2",
"versionEndExcluding": "500.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "73A514A9-AF79-4CCB-8DFD-347FF487B47A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79F492BF-8B5C-4C3A-9F00-D3304BFED992",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos que afecta al dispositivo QNAP que ejecuta el complemento Media Streaming. Si es explotado, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones del complemento Media Streaming: QTS 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.5.4: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.3.6: Media Streaming add-on 430.1.8.12 (20/08/2021) y posteriores QTS 4.3.3: Media Streaming add-on 430.1.8.12 (29/09/2021) y posteriores QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores"
}
],
"id": "CVE-2021-34362",
"lastModified": "2024-11-21T06:10:14.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-22T05:15:41.773",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-44"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}