CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7194

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score94.0220%
EPSS Percentile90.44th
PublishedDec 5, 2019
Last ModifiedOct 27, 2025

Vulnerability Description

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Affected Platforms (CPE)

πŸ“¦
Qnap

Photo Station

< 6.0.3
πŸ“¦
Qnap

Photo Station

< 5.7.10
πŸ“¦
Qnap

Photo Station

< 5.4.9
πŸ“¦
Qnap

Photo Station

< 5.2.11

References & Advisories

πŸ”— http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
πŸ”— http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7194

Related Vulnerabilities

CVE-2021-290899.8

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synol...

CVE-2019-71929.8

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnera...

CVE-2019-71959.8

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln...

CVE-2016-103299.8

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitr...