CVE-2019-7183

CRITICAL

QNAP QTS - Improper Link Resolution Before File Access

Title source: llm

Description

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qnap.com/zh-tw/security-advisory/nas-201911-27

Scores

CVSS v3 9.8

EPSS 0.0125

EPSS Percentile 79.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-59

Status published

Products (25)

qnap/qts 4.2.6

qnap/qts 4.3.3.0868

qnap/qts 4.3.3.0998

qnap/qts 4.3.4.0899

qnap/qts 4.3.4.1029

qnap/qts 4.3.6.0895

qnap/qts 4.3.6.0907

qnap/qts 4.3.6.0923

qnap/qts 4.3.6.0944

qnap/qts 4.3.6.0959

... and 15 more

Published Dec 05, 2019

Tracked Since Feb 18, 2026