CVE-2019-7193

Published Dec 5, 2019

Last updated 5 months ago

Exploit known CVSS critical 9.8

Overview

Description: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Source: security@qnapsecurity.com.tw
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: QNAP QTS Improper Input Validation Vulnerability
Exploit added on: Jun 8, 2022
Exploit action due: Jun 22, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0895:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1AB2488-4D3D-494B-9C93-1AA3C7964644"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0907:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C24D008-D055-4A2C-88D4-85FB6DC45EFE"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0923:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64D1A6D-D306-46B8-B345-3D9C38544761"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0944:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "067C0A13-525C-4376-A6CC-0B86F7F92670"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0959:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BAE62E0-5FA0-4B9F-ACCA-9C8C70AC1F2C"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0979:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6023A8C-77A8-4B79-ACC6-872E98CA0D29"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.0993:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAA72D06-4FE1-4DC3-A96B-2975A4A9AF84"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.1013:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CD59BCF-E119-4910-90CE-DCA212D146F5"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.3.6.1033:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8F01168-A599-480D-BEB1-FA0195B696E6"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0948:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0EDB4B0-42CD-42E4-8EA6-6C7E6946608F"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0949:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94179DF2-2E1F-4673-B834-987BEE24242B"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0978:beta_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2768EC66-AE75-405B-B92B-547840C10D78"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0998:beta_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F83BCDD9-5227-4677-B174-65C653EEDBA1"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.0999:beta_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3AFEC02-4082-4CF2-BDEF-B42CAF6C2AAE"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1031:beta_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E4BC7EF-8E5C-4D4A-9365-28DA0CC0E879"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:4.4.1.1033:beta_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "491637BB-CF44-43FE-8FF1-AAA22E848B64"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References