Description
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qnap.com/zh-tw/security-advisory/nas-201911-20
Scores
CVSS v3
9.8
EPSS
0.0354
EPSS Percentile
87.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
qnap/music_station
< 5.3.5
Published
Dec 04, 2019
Tracked Since
Feb 18, 2026