CVE-2019-7192 (GCVE-0-2019-7192)

Vulnerability from cvelistv5 – Published: 2019-12-05 16:17 – Updated: 2025-10-21 23:35
VLAI? CISA
Summary
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
n/a QNAP NAS devices running Photo Station Affected: QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-06-08

Due date: 2022-06-22

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-7192

Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:38:33.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-7192",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T20:42:57.693449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-06-08",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:57.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-06-08T00:00:00+00:00",
            "value": "CVE-2019-7192 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QNAP NAS devices running Photo Station",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-28T17:06:20.000Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@qnap.com",
          "ID": "CVE-2019-7192",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QNAP NAS devices running Photo Station",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25",
              "refsource": "CONFIRM",
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25"
            },
            {
              "name": "http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2019-7192",
    "datePublished": "2019-12-05T16:17:29.000Z",
    "dateReserved": "2019-01-29T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:57.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-7192",
      "cwes": "[\"CWE-863\"]",
      "dateAdded": "2022-06-08",
      "dueDate": "2022-06-22",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2019-7192",
      "product": "Photo Station",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.",
      "vendorProject": "QNAP",
      "vulnerabilityName": "QNAP Photo Station Improper Access Control Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-06-22",
      "cisaExploitAdd": "2022-06-08",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "QNAP Photo Station Improper Access Control Vulnerability",
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.0.3\", \"matchCriteriaId\": \"4EBB24B5-9DF0-4758-8015-8D45CD88E48B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47B6D38A-D7C9-4D55-921C-488D56C43F25\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.7.10\", \"matchCriteriaId\": \"7E45F93C-9B1F-4C76-AF80-620F6E954522\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.4\", \"versionEndIncluding\": \"4.4.0\", \"matchCriteriaId\": \"AD20D15E-C474-48FC-9A84-12CD6AF01F1F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.4.9\", \"matchCriteriaId\": \"0C435DCB-A00F-49DA-B06B-06D29F1AAC5A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.0\", \"versionEndIncluding\": \"4.3.3\", \"matchCriteriaId\": \"99543D0A-1E01-4664-BDB6-E3263BA34825\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.2.11\", \"matchCriteriaId\": \"B9872DF1-5B03-4D85-925F-D0AF6CE0F5AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D9E6F8F-A433-45A7-8839-5D478FE179A4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\"}, {\"lang\": \"es\", \"value\": \"Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus \\u00faltimas versiones.\"}]",
      "id": "CVE-2019-7192",
      "lastModified": "2024-11-21T04:47:44.477",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-05T17:15:12.950",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\", \"source\": \"security@qnapsecurity.com.tw\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\", \"source\": \"security@qnapsecurity.com.tw\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@qnapsecurity.com.tw",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-7192\",\"sourceIdentifier\":\"security@qnapsecurity.com.tw\",\"published\":\"2019-12-05T17:15:12.950\",\"lastModified\":\"2025-10-27T17:15:35.407\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus \u00faltimas versiones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-06-08\",\"cisaActionDue\":\"2022-06-22\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"QNAP Photo Station Improper Access Control Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.3\",\"matchCriteriaId\":\"4EBB24B5-9DF0-4758-8015-8D45CD88E48B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B6D38A-D7C9-4D55-921C-488D56C43F25\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7.10\",\"matchCriteriaId\":\"7E45F93C-9B1F-4C76-AF80-620F6E954522\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.4\",\"versionEndIncluding\":\"4.4.0\",\"matchCriteriaId\":\"AD20D15E-C474-48FC-9A84-12CD6AF01F1F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.4.9\",\"matchCriteriaId\":\"0C435DCB-A00F-49DA-B06B-06D29F1AAC5A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndIncluding\":\"4.3.3\",\"matchCriteriaId\":\"99543D0A-1E01-4664-BDB6-E3263BA34825\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.11\",\"matchCriteriaId\":\"B9872DF1-5B03-4D85-925F-D0AF6CE0F5AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D9E6F8F-A433-45A7-8839-5D478FE179A4\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\",\"source\":\"security@qnapsecurity.com.tw\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\",\"source\":\"security@qnapsecurity.com.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"QNAP NAS devices running Photo Station\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Improper Access Control\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2020-05-28T17:06:20.000Z\", \"orgId\": \"2fd009eb-170a-4625-932b-17a53af1051f\", \"shortName\": \"qnap\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"security@qnap.com\", \"ID\": \"CVE-2019-7192\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"QNAP NAS devices running Photo Station\", \"version\": {\"version_data\": [{\"version_value\": \"QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Improper Access Control\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\", \"refsource\": \"CONFIRM\", \"url\": \"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\"}, {\"name\": \"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\", \"refsource\": \"MISC\", \"url\": \"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T20:38:33.498Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://www.qnap.com/zh-tw/security-advisory/nas-201911-25\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html\"}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-7192\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T20:42:57.693449Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-06-08\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T20:42:59.935Z\"}, \"timeline\": [{\"time\": \"2022-06-08T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2019-7192 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"2fd009eb-170a-4625-932b-17a53af1051f\", \"assignerShortName\": \"qnap\", \"cveId\": \"CVE-2019-7192\", \"datePublished\": \"2019-12-05T16:17:29.000Z\", \"dateReserved\": \"2019-01-29T00:00:00.000Z\", \"dateUpdated\": \"2025-07-30T01:45:53.769Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.