CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-7193

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score42.2070%
EPSS Percentile85.42th
Published2019年12月5日
Last Modified2025年10月27日

Vulnerability Description

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

Affected Platforms (CPE)

💻
Qnap

Qts

= 4.3.6.0895
💻
Qnap

Qts

= 4.3.6.0907
💻
Qnap

Qts

= 4.3.6.0923
💻
Qnap

Qts

= 4.3.6.0944
💻
Qnap

Qts

= 4.3.6.0959
💻
Qnap

Qts

= 4.3.6.0979
💻
Qnap

Qts

= 4.3.6.0993
💻
Qnap

Qts

= 4.3.6.1013
💻
Qnap

Qts

= 4.3.6.1033
💻
Qnap

Qts

= 4.4.1.0948
💻
Qnap

Qts

= 4.4.1.0949
💻
Qnap

Qts

= 4.4.1.0978
💻
Qnap

Qts

= 4.4.1.0998
💻
Qnap

Qts

= 4.4.1.0999
💻
Qnap

Qts

= 4.4.1.1031
💻
Qnap

Qts

= 4.4.1.1033

References & Advisories

🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7193

相关漏洞威胁

CVE-2017-787610.0

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have a...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2018-07309.8

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne...

CVE-2018-199499.8

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed ...