CVE-2019-7194

CRITICAL KEV RANSOMWARE NUCLEI

QNAP Photo Station - Path Traversal

Title source: llm

Exploitation Summary

CVE-2019-7194 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit from researchers including Henry Huang, including a Metasploit module auxiliary/gather/qnap_lfi. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a local file inclusion (LFI) vulnerability in QNAP QTS and Photo Station, allowing unauthenticated attackers to download sensitive files such as /etc/shadow. It retrieves album IDs and access codes to perform the LFI attack.

Description

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Exploits (1)

metasploit WORKING POC

by Henry Huang · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/qnap_lfi.rb

View Code ZIP pw:eip

This Metasploit module exploits a local file inclusion (LFI) vulnerability in QNAP QTS and Photo Station, allowing unauthenticated attackers to download sensitive files such as /etc/shadow. It retrieves album IDs and access codes to perform the LFI attack.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: QNAP QTS (versions before 20191206) and Photo Station (versions before 5.7.9)

No auth needed

Prerequisites: Network access to the target QNAP device · Photo Station service running on the target

MITRE ATT&CK

T1003.008 - /etc/passwd and /etc/shadow

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

QNAP Photo Station < 6.0.3 - Remote Code Execution

CRITICALVERIFIEDby x-stp

Shodan: content-length:"580 "http server 1.0"" || http.title:"photo station" || http.title:"qnap"

FOFA: title="photo station" || title="qnap"

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7194

Scores

CVSS v3 9.8

EPSS 0.9394

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2022-06-08

VulnCheck KEV 2020-06-11

InTheWild.io 2020-06-09

ENISA EUVD EUVD-2019-16738

Ransomware Use Confirmed

CWE

CWE-22

Status published

Products (1)

qnap/photo_station < 6.0.3

Published Dec 05, 2019

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026