CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7192

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score70.9000%
EPSS Percentile94.92th
PublishedDec 5, 2019
Last ModifiedOct 27, 2025

Vulnerability Description

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

Affected Platforms (CPE)

πŸ“¦
Qnap

Photo Station

< 6.0.3
πŸ“¦
Qnap

Photo Station

< 5.7.10
πŸ“¦
Qnap

Photo Station

< 5.4.9
πŸ“¦
Qnap

Photo Station

< 5.2.11

References & Advisories

πŸ”— http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
πŸ”— http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192

Related Vulnerabilities

CVE-2021-290899.8

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synol...

CVE-2019-71949.8

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln...

CVE-2019-71959.8

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln...

CVE-2016-103299.8

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitr...