CVSS: 9.8EPSS: 1%CPEs: 25EXPL: 0CVE-2019-7183
https://notcve.org/view.php?id=CVE-2019-7183
This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions. Esta vulnerabilidad de resolución de enlace inapropiada, permite a atacantes remotos acceder a los archivos de sistema. Para corregir esta vulnerabilidad, QNAP recomienda actualizar QTS a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 97%CPEs: 8EXPL: 1CVE-2019-7195 – QNAP Photo Station Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7195
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 97%CPEs: 8EXPL: 1CVE-2019-7194 – QNAP Photo Station Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 96%CPEs: 8EXPL: 1CVE-2019-7192 – QNAP Photo Station Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 • CWE-863: Incorrect Authorization •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-7197
https://notcve.org/view.php?id=CVE-2019-7197
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. Ha sido reportado que una vulnerabilidad de tipo cross-site scripting (XSS) almacenado afecta a múltiples versiones de QTS. Si es explotada, esta vulnerabilidad puede permitir a un atacante inyectar y ejecutar scripts en la consola del administrador. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •