CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7193

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score42.2070%
EPSS Percentile85.42th
PublishedDec 5, 2019
Last ModifiedOct 27, 2025

Vulnerability Description

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

Affected Platforms (CPE)

πŸ’»
Qnap

Qts

= 4.3.6.0895
πŸ’»
Qnap

Qts

= 4.3.6.0907
πŸ’»
Qnap

Qts

= 4.3.6.0923
πŸ’»
Qnap

Qts

= 4.3.6.0944
πŸ’»
Qnap

Qts

= 4.3.6.0959
πŸ’»
Qnap

Qts

= 4.3.6.0979
πŸ’»
Qnap

Qts

= 4.3.6.0993
πŸ’»
Qnap

Qts

= 4.3.6.1013
πŸ’»
Qnap

Qts

= 4.3.6.1033
πŸ’»
Qnap

Qts

= 4.4.1.0948
πŸ’»
Qnap

Qts

= 4.4.1.0949
πŸ’»
Qnap

Qts

= 4.4.1.0978
πŸ’»
Qnap

Qts

= 4.4.1.0998
πŸ’»
Qnap

Qts

= 4.4.1.0999
πŸ’»
Qnap

Qts

= 4.4.1.1031
πŸ’»
Qnap

Qts

= 4.4.1.1033

References & Advisories

πŸ”— http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
πŸ”— http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7193

Related Vulnerabilities

CVE-2017-787610.0

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have a...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2018-07309.8

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne...

CVE-2018-199499.8

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed ...