CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-19953

Known Exploited (CISA KEV)MEDIUM
6.1
CVSS Severity Score
EPSS Score61.7080%
EPSS Percentile95.67th
Published2020年10月28日
Last Modified2025年11月3日

Vulnerability Description

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Affected Platforms (CPE)

💻
Qnap

Qts

< 4.2.6
💻
Qnap

Qts

>= 4.3.1.0013 and < 4.3.3.1161
💻
Qnap

Qts

>= 4.3.4 and < 4.3.4.1190
💻
Qnap

Qts

>= 4.3.6 and < 4.3.6.1218
💻
Qnap

Qts

>= 4.4.0 and < 4.4.1.1201
💻
Qnap

Qts

>= 4.4.2 and < 4.4.2.1231
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6
💻
Qnap

Qts

= 4.2.6

References & Advisories

🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19953

相關漏洞威脅

CVE-2017-787610.0

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have a...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2018-07309.8

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne...

CVE-2018-199499.8

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed ...