CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-19950
https://notcve.org/view.php?id=CVE-2018-19950
If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Si es explotada, esta vulnerabilidad de inyección de comandos podría permitir a atacantes remotos ejecutar comandos arbitrarios. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-10 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7185
https://notcve.org/view.php?id=CVE-2019-7185
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Music Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administración del administrador. Para corregir esta vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-0729
https://notcve.org/view.php?id=CVE-2018-0729
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de inyección de comandos en Music Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0718
https://notcve.org/view.php?id=CVE-2018-0718
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Music Station en versiones 5.1.2 y anteriores en QNAP QTS 4.3.3 y 4.3.4 podría permitir que atacantes remotos ejecuten comandos arbitrarios en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-14 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13069
https://notcve.org/view.php?id=CVE-2017-13069
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS. QNAP ha descubierto una serie de vulnerabilidades de inyección de comandos en Music Station en las versiones 4.8.6 (para QTS 4.2.x), 5.0.7 (para QTS 4.3.x) y anteriores. Si se explotan, estas vulnerabilidades podrían permitir que un atacante remoto ejecute comandos arbitrarios en el NAS. • https://www.qnap.com/en/security-advisory/nas-201710-05 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •