CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-7192

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score70.9000%
EPSS Percentile94.92th
Published2019年12月5日
Last Modified2025年10月27日

Vulnerability Description

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

Affected Platforms (CPE)

📦
Qnap

Photo Station

< 6.0.3
📦
Qnap

Photo Station

< 5.7.10
📦
Qnap

Photo Station

< 5.4.9
📦
Qnap

Photo Station

< 5.2.11

References & Advisories

🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192

関連する脆弱性情報

CVE-2021-290899.8

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synol...

CVE-2019-71949.8

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln...

CVE-2019-71959.8

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln...

CVE-2016-103299.8

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitr...