9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 3.9 / Impact: 5.2
Source: NVD
Description
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
Affected (5)
Products: Qnap: Photo Station
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.14 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | Version 4.2.6 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.15 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | Version 4.3.3 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.7.18 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | Version 4.3.6 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.0.22 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | From 4.5.1 to 4.5.4.2012 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.1.2 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | Version 5.0.1 |
References (3)
Source: security@qnapsecurity.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Timeline
No history available yet.