Overview
- Description
- This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
- Source
- security@qnapsecurity.com.tw
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Known exploits
Data from CISA
- Vulnerability name
- QNAP Photo Station Path Traversal Vulnerability
- Exploit added on
- Jun 8, 2022
- Exploit action due
- Jun 22, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EBB24B5-9DF0-4758-8015-8D45CD88E48B",
"versionEndExcluding": "6.0.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "47B6D38A-D7C9-4D55-921C-488D56C43F25"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E45F93C-9B1F-4C76-AF80-620F6E954522",
"versionEndExcluding": "5.7.10"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AD20D15E-C474-48FC-9A84-12CD6AF01F1F",
"versionEndIncluding": "4.4.0",
"versionStartIncluding": "4.3.4"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C435DCB-A00F-49DA-B06B-06D29F1AAC5A",
"versionEndExcluding": "5.4.9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "99543D0A-1E01-4664-BDB6-E3263BA34825",
"versionEndIncluding": "4.3.3",
"versionStartIncluding": "4.3.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9872DF1-5B03-4D85-925F-D0AF6CE0F5AF",
"versionEndExcluding": "5.2.11"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1D9E6F8F-A433-45A7-8839-5D478FE179A4"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]