CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39299 – Music Station
https://notcve.org/view.php?id=CVE-2023-39299
03 Nov 2023 — A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later Se ha informado que una vulnerabilidad de path traversal que afecta a Music Station. Si se explota, la vulnerabilidad podría permitir a los usuari... • https://www.qnap.com/en/security-advisory/qsa-23-61 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 2%CPEs: 10EXPL: 0CVE-2020-36197 – Improper Access Control Vulnerability in Music Station
https://notcve.org/view.php?id=CVE-2020-36197
13 May 2021 — An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; ve... • http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-2494 – Cross-site Scripting Vulnerability in Music Station
https://notcve.org/view.php?id=CVE-2020-2494
10 Dec 2020 — This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later Esta vulnerabilidad de tipo cross-site scripting en Music Station permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes ... • https://www.qnap.com/en/security-advisory/qsa-20-13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7185
https://notcve.org/view.php?id=CVE-2019-7185
05 Dec 2019 — This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Music Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administración del administrador. Para corregir esta vulnerabilidad, QNAP recomienda ac... • https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 10EXPL: 0CVE-2018-0729
https://notcve.org/view.php?id=CVE-2018-0729
04 Dec 2019 — This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de inyección de comandos en Music Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-0718
https://notcve.org/view.php?id=CVE-2018-0718
14 Sep 2018 — Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Music Station en versiones 5.1.2 y anteriores en QNAP QTS 4.3.3 y 4.3.4 podría permitir que atacantes remotos ejecuten comandos arbitrarios en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-14 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2017-13069
https://notcve.org/view.php?id=CVE-2017-13069
06 Oct 2017 — QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS. QNAP ha descubierto una serie de vulnerabilidades de inyección de comandos en Music Station en las versiones 4.8.6 (para QTS 4.2.x), 5.0.7 (para QTS 4.3.x) y anteriores. Si se explotan, estas vulnerabilidades podrían permitir que un atacante remoto ejecute ... • https://www.qnap.com/en/security-advisory/nas-201710-05 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •