CVE-2019-7192

Published Dec 5, 2019

Last updated 3 years ago

Exploit known CVSS critical 9.8

Overview

Description: This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Source: security@qnapsecurity.com.tw
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: QNAP Photo Station Improper Access Control Vulnerability
Exploit added on: Jun 8, 2022
Exploit action due: Jun 22, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-863

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EBB24B5-9DF0-4758-8015-8D45CD88E48B",
            "versionEndExcluding": "6.0.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "47B6D38A-D7C9-4D55-921C-488D56C43F25"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E45F93C-9B1F-4C76-AF80-620F6E954522",
            "versionEndExcluding": "5.7.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD20D15E-C474-48FC-9A84-12CD6AF01F1F",
            "versionEndIncluding": "4.4.0",
            "versionStartIncluding": "4.3.4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C435DCB-A00F-49DA-B06B-06D29F1AAC5A",
            "versionEndExcluding": "5.4.9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "99543D0A-1E01-4664-BDB6-E3263BA34825",
            "versionEndIncluding": "4.3.3",
            "versionStartIncluding": "4.3.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9872DF1-5B03-4D85-925F-D0AF6CE0F5AF",
            "versionEndExcluding": "5.2.11"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1D9E6F8F-A433-45A7-8839-5D478FE179A4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References