CVE-2019-7193

CRITICAL KEV RANSOMWARE

QNAP QTS - Code Injection

Title source: llm

Description

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

[Vendor Advisory] https://www.qnap.com/zh-tw/security-advisory/nas-201911-25

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7193

Scores

CVSS v3 9.8

EPSS 0.2579

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08

VulnCheck KEV 2022-01-26

InTheWild.io 2020-06-09

ENISA EUVD EUVD-2019-16737

Ransomware Use Confirmed

CWE

CWE-20

Status published

Products (16)

qnap/qts 4.3.6.0895

qnap/qts 4.3.6.0907

qnap/qts 4.3.6.0923

qnap/qts 4.3.6.0944

qnap/qts 4.3.6.0959

qnap/qts 4.3.6.0979

qnap/qts 4.3.6.0993

qnap/qts 4.3.6.1013

qnap/qts 4.3.6.1033

qnap/qts 4.4.1.0948 beta

... and 6 more

Published Dec 05, 2019

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026