CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-19943

Known Exploited (CISA KEV)HIGH
8.0
CVSS Severity Score
EPSS Score58.2420%
EPSS Percentile94.11th
Published2020年10月28日
Last Modified2025年11月3日

Vulnerability Description

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

Affected Platforms (CPE)

💻
Qnap

Qts

< 4.2.6
💻
Qnap

Qts

>= 4.3.1.0013 and < 4.3.3.1252
💻
Qnap

Qts

>= 4.3.4 and < 4.3.4.1282
💻
Qnap

Qts

>= 4.3.6 and < 4.3.6.1263
💻
Qnap

Qts

>= 4.4.0 and < 4.4.1.1261
💻
Qnap

Qts

>= 4.4.2 and < 4.4.2.1270
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6

References & Advisories

🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19943

相关漏洞威胁

CVE-2017-787610.0

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have a...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2018-07309.8

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne...

CVE-2018-199499.8

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed ...