CVE-2018-0730

Published Dec 4, 2019

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Source: security@qnapsecurity.com.tw
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-77

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D9E6F8F-A433-45A7-8839-5D478FE179A4"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.3.0868:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1931A1D6-C1E6-410A-9F9E-9FD949D42C58"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.3.0998:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77FFA90F-FDFA-4B73-960F-BEE7A92DB6BA"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.4.0899:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98DCB45E-6024-4BB6-A40A-1CB871343930"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.4.1029:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "485AF3DC-126D-464C-A6ED-59746031BCC5"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0895:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1AB2488-4D3D-494B-9C93-1AA3C7964644"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0907:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C24D008-D055-4A2C-88D4-85FB6DC45EFE"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0923:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64D1A6D-D306-46B8-B345-3D9C38544761"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0944:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "067C0A13-525C-4376-A6CC-0B86F7F92670"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0959:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BAE62E0-5FA0-4B9F-ACCA-9C8C70AC1F2C"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0979:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6023A8C-77A8-4B79-ACC6-872E98CA0D29"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0993:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAA72D06-4FE1-4DC3-A96B-2975A4A9AF84"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.1013:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CD59BCF-E119-4910-90CE-DCA212D146F5"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.1033:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8F01168-A599-480D-BEB1-FA0195B696E6"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0948:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0EDB4B0-42CD-42E4-8EA6-6C7E6946608F"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0949:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94179DF2-2E1F-4673-B834-987BEE24242B"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0978:beta_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2768EC66-AE75-405B-B92B-547840C10D78"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0998:beta_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F83BCDD9-5227-4677-B174-65C653EEDBA1"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0999:beta_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3AFEC02-4082-4CF2-BDEF-B42CAF6C2AAE"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1031:beta_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E4BC7EF-8E5C-4D4A-9365-28DA0CC0E879"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1033:beta_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "491637BB-CF44-43FE-8FF1-AAA22E848B64"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1064:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0E47BAD-87AD-49AB-87B6-E5188067F961"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1081:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FB45CEB-A2E8-454A-8BA0-7BA039E50608"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1086:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5706EBB-06AD-433F-88E3-B273981A2F4F"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1101:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "215082F9-960F-483A-99EC-9861687CB18F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References