
CVE-2024-50395 – Media Streaming add-on
https://notcve.org/view.php?id=CVE-2024-50395
22 Nov 2024 — An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 (2024/08/02) and later. • https://github.com/neko-hat/CVE-2024-50395 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2023-47220 – Media Streaming add-on
https://notcve.org/view.php?id=CVE-2023-47220
03 May 2024 — An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 (2024/01/22) and later. • https://www.qnap.com/en/security-advisory/qsa-24-15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-47222 – Media Streaming add-on
https://notcve.org/view.php?id=CVE-2023-47222
26 Apr 2024 — An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 (2024/01/22) and later. • https://www.qnap.com/en/security-advisory/qsa-24-15 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-287: Improper Authentication

CVE-2023-23369 – QTS, Multimedia Console, and Media Streaming add-on
https://notcve.org/view.php?id=CVE-2023-23369
03 Nov 2023 — An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 (2023/05/04) and later; Multimedia Console 1.4.8 (2023/05/05) and later; QTS 5.1.0.2399 build 20230515 and later; QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and ... • https://www.qnap.com/en/security-advisory/qsa-23-35 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-34362 – Command Injection Vulnerability in Media Streaming Add-on
https://notcve.org/view.php?id=CVE-2021-34362
22 Oct 2021 — A command injection vulnerability has been reported to affect QNAP devices running Media Streaming add-on. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 (2021/08/20) and later; QTS 4.5.4: Media Streaming add-on 500.0.0.3 (2021/08/20) and later; QTS 4.3.6: Media Streaming add-on 430.1.8.12 (2021/08/20) and later; QTS 4.3.3: Media Stre... • https://www.qnap.com/en/security-advisory/qsa-21-44 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-36195 – SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On
https://notcve.org/view.php?id=CVE-2020-36195
17 Apr 2021 — An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later; QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later; QTS 4.4.x and later: Multimedia Console 1.3.4 and later. We have ... • https://www.qnap.com/en/security-advisory/qsa-21-11 • CWE-20: Improper Input Validation • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-943: Improper Neutralization of Special Elements in Data Query Logic

CVE-2017-7634
https://notcve.org/view.php?id=CVE-2017-7634
08 Mar 2018 — Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-7638
https://notcve.org/view.php?id=CVE-2017-7638
08 Mar 2018 — QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 • CWE-287: Improper Authentication

CVE-2017-7640
https://notcve.org/view.php?id=CVE-2017-7640
08 Mar 2018 — QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-7641
https://notcve.org/view.php?id=CVE-2017-7641
08 Mar 2018 — QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 • CWE-352: Cross-Site Request Forgery (CSRF)