← Back

CVE-2019-7183

nvd nist
Published: Dec 5, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.

Affected (25)

Products: Qnap: Qts
Qnap
1 product
Qts
Configuration A
25 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 4.2.6
Qts
Version 4.3.3.0868
Qts
Version 4.3.3.0998
Qts
Version 4.3.4.0899
Qts
Version 4.3.4.1029
Qts
Version 4.3.6.0895
Qts
Version 4.3.6.0907
Qts
Version 4.3.6.0923
Qts
Version 4.3.6.0944
Qts
Version 4.3.6.0959
Qts
Version 4.3.6.0979
Qts
Version 4.3.6.0993
Qts
Version 4.3.6.1013
Qts
Version 4.3.6.1033
Qts
Version 4.4.1.0948 beta
Qts
Version 4.4.1.0949 beta
Qts
Version 4.4.1.0978 beta_2
Qts
Version 4.4.1.0998 beta_3
Qts
Version 4.4.1.0999 beta_3
Qts
Version 4.4.1.1031 beta_4
Qts
Version 4.4.1.1033 beta_4
Qts
Version 4.4.1.1064
Qts
Version 4.4.1.1081
Qts
Version 4.4.1.1086
Qts
Version 4.4.1.1101

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

Source: security@qnapsecurity.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.