CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7184
https://notcve.org/view.php?id=CVE-2019-7184
05 Dec 2019 — This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Video Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administración del administrador. Para corregir esta vulnerabilidad, QNAP recomienda ac... • https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-13071
https://notcve.org/view.php?id=CVE-2017-13071
22 Nov 2017 — QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier. QNAP ya ha parcheado esta vulnerabilidad. Este problema de seguridad permite que un atacante remoto ejecute comandos arbitrarios en QNAP Video Station 5.1.3 (para QTS 4.3.3), 5.2.0 (para QTS 4.3.4) y anteriores. • https://www.qnap.com/zh-tw/security-advisory/nas-201711-21 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0142
https://notcve.org/view.php?id=CVE-2013-0142
07 Jun 2013 — QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. Los dispositivos QNAP VioStor NVR con firmware v4.0.3, y el componente Surveillance Station Pro en QNAP NAS, tiene una cuenta de invitado incluida en el código que permite que atacantes remotos consigan acceso al servidor web mediante vectores no especificados. • http://www.kb.cert.org/vuls/id/927644 • CWE-255: Credentials Management Errors •
CVSS: 8.8EPSS: 9%CPEs: 4EXPL: 1CVE-2013-0143 – QNAP VioStor NVR / QNAP NAS - Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-0143
07 Jun 2013 — cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. cgi-bin/pingping.cgi en dispositivos QNAP VioStor NVR con firmware v4.0.3, y en el componente Surveillance Station Pro en QNAP NAS, permite que usuarios remotos autenticados ejecuten comandos de su elección haciendo uso de acceso de invit... • https://www.exploit-db.com/exploits/38550 • CWE-94: Improper Control of Generation of Code ('Code Injection') •