CVE-2015-6022

HIGH

QNAP Signage Station < 2.0.1 - Authenticated Arbitrary File Upload

Title source: llm
STIX 2.1

Description

Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/444472

Scores

CVSS v3 8.8
EPSS 0.0069
EPSS Percentile 71.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
qnap/signage_station < 2.0
Published Feb 27, 2016
Tracked Since Feb 18, 2026