CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-7194

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score94.0220%
EPSS Percentile90.44th
Published2019年12月5日
Last Modified2025年10月27日

Vulnerability Description

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Affected Platforms (CPE)

📦
Qnap

Photo Station

< 6.0.3
📦
Qnap

Photo Station

< 5.7.10
📦
Qnap

Photo Station

< 5.4.9
📦
Qnap

Photo Station

< 5.2.11

References & Advisories

🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7194

関連する脆弱性情報

CVE-2021-290899.8

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synol...

CVE-2019-71929.8

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnera...

CVE-2019-71959.8

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln...

CVE-2016-103299.8

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitr...