CVE-2019-7193
CRITICAL KEV RANSOMWARE
QNAP QTS - Remote Code Execution via Improper Input Validation
Title source: llm
Exploitation Summary
CVE-2019-7193 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022, with confirmed use in ransomware campaigns.
Description
This improper input validation vulnerability allows remote attackers to inject arbitrary code into the system. To fix the vulnerability, QNAP recommends updating QTS to the latest versions.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7193
Scores
CVSS v3
9.8
EPSS
0.2579
EPSS Percentile
96.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2022-06-08
VulnCheck KEV
2022-01-26
InTheWild.io
2020-06-09
ENISA EUVD
EUVD-2019-16737
Ransomware Use
Confirmed
CWE
CWE-20
Status
published
Products (16)
qnap/qts
4.3.6.0895
qnap/qts
4.3.6.0907
qnap/qts
4.3.6.0923
qnap/qts
4.3.6.0944
qnap/qts
4.3.6.0959
qnap/qts
4.3.6.0979
qnap/qts
4.3.6.0993
qnap/qts
4.3.6.1013
qnap/qts
4.3.6.1033
qnap/qts
4.4.1.0948 beta
... and 6 more
Published
Dec 05, 2019
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026