Description
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qnap.com/zh-tw/security-advisory/nas-201911-20
Scores
CVSS v3
9.8
EPSS
0.0101
EPSS Percentile
77.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (25)
qnap/qts
4.2.6
qnap/qts
4.3.3.0868
qnap/qts
4.3.3.0998
qnap/qts
4.3.4.0899
qnap/qts
4.3.4.1029
qnap/qts
4.3.6.0895
qnap/qts
4.3.6.0907
qnap/qts
4.3.6.0923
qnap/qts
4.3.6.0944
qnap/qts
4.3.6.0959
... and 15 more
Published
Dec 04, 2019
Tracked Since
Feb 18, 2026