CVE-2020-36195
SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
Se ha reportado de una vulnerabilidad de inyección SQL que afecta al NAS de QNAP que ejecuta Multimedia Console o el add-on Media Streaming. Si se explota, la vulnerabilidad permite a atacantes remotos obtener información de la aplicación. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Multimedia Console y el add-on Media Streaming. QTS versión 4.3.3: add-on Media Streaming versiones 430.1.8.10 y posteriores. QTS versión 4.3.6: add-on Media Streaming versiones 430.1.8.8 y posteriores. QTS versiones 4.4.x y posteriores. Multimedia Console versiones 1.3.4 y posteriores. También hemos corregido esta vulnerabilidad en las siguientes versiones de QTS 4.3.3 y QTS 4.3.6, respectivamente: QTS versión 4.3.3.1624 Build 20210416 o posteriores. QTS versiones 4.3.6.1620 Build 20210322 o posteriores
*Credits:
Yaniv Puyeski
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-19 CVE Reserved
- 2021-04-17 CVE Published
- 2023-12-31 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-943: Improper Neutralization of Special Elements in Data Query Logic
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-11 | 2021-04-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qnap Search vendor "Qnap" | Media Streaming Add-on Search vendor "Qnap" for product "Media Streaming Add-on" | < 430.1.8.10 Search vendor "Qnap" for product "Media Streaming Add-on" and version " < 430.1.8.10" | - |
Affected
| in | Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3 Search vendor "Qnap" for product "Qts" and version "4.3.3" | - |
Safe
|
| Qnap Search vendor "Qnap" | Media Streaming Add-on Search vendor "Qnap" for product "Media Streaming Add-on" | < 430.1.8.8 Search vendor "Qnap" for product "Media Streaming Add-on" and version " < 430.1.8.8" | - |
Affected
| in | Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6 Search vendor "Qnap" for product "Qts" and version "4.3.6" | - |
Safe
|
| Qnap Search vendor "Qnap" | Multimedia Console Search vendor "Qnap" for product "Multimedia Console" | < 1.3.4 Search vendor "Qnap" for product "Multimedia Console" and version " < 1.3.4" | - |
Affected
| in | Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | >= 4.4.0 Search vendor "Qnap" for product "Qts" and version " >= 4.4.0" | - |
Safe
|
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | < 4.3.3 Search vendor "Qnap" for product "Qts" and version " < 4.3.3" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | >= 4.3.4 < 4.3.6 Search vendor "Qnap" for product "Qts" and version " >= 4.3.4 < 4.3.6" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3 Search vendor "Qnap" for product "Qts" and version "4.3.3" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0095 Search vendor "Qnap" for product "Qts" and version "4.3.3.0095" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0096 Search vendor "Qnap" for product "Qts" and version "4.3.3.0096" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0136 Search vendor "Qnap" for product "Qts" and version "4.3.3.0136" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0154 Search vendor "Qnap" for product "Qts" and version "4.3.3.0154" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0174 Search vendor "Qnap" for product "Qts" and version "4.3.3.0174" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0188 Search vendor "Qnap" for product "Qts" and version "4.3.3.0188" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0210 Search vendor "Qnap" for product "Qts" and version "4.3.3.0210" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0229 Search vendor "Qnap" for product "Qts" and version "4.3.3.0229" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0238 Search vendor "Qnap" for product "Qts" and version "4.3.3.0238" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0262 Search vendor "Qnap" for product "Qts" and version "4.3.3.0262" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0299 Search vendor "Qnap" for product "Qts" and version "4.3.3.0299" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0351 Search vendor "Qnap" for product "Qts" and version "4.3.3.0351" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0353 Search vendor "Qnap" for product "Qts" and version "4.3.3.0353" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0361 Search vendor "Qnap" for product "Qts" and version "4.3.3.0361" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0369 Search vendor "Qnap" for product "Qts" and version "4.3.3.0369" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0378 Search vendor "Qnap" for product "Qts" and version "4.3.3.0378" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0396 Search vendor "Qnap" for product "Qts" and version "4.3.3.0396" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0404 Search vendor "Qnap" for product "Qts" and version "4.3.3.0404" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0416 Search vendor "Qnap" for product "Qts" and version "4.3.3.0416" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0418 Search vendor "Qnap" for product "Qts" and version "4.3.3.0418" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0448 Search vendor "Qnap" for product "Qts" and version "4.3.3.0448" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0514 Search vendor "Qnap" for product "Qts" and version "4.3.3.0514" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0546 Search vendor "Qnap" for product "Qts" and version "4.3.3.0546" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0570 Search vendor "Qnap" for product "Qts" and version "4.3.3.0570" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0868 Search vendor "Qnap" for product "Qts" and version "4.3.3.0868" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.0998 Search vendor "Qnap" for product "Qts" and version "4.3.3.0998" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.1051 Search vendor "Qnap" for product "Qts" and version "4.3.3.1051" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.1098 Search vendor "Qnap" for product "Qts" and version "4.3.3.1098" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.1161 Search vendor "Qnap" for product "Qts" and version "4.3.3.1161" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.1252 Search vendor "Qnap" for product "Qts" and version "4.3.3.1252" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.1315 Search vendor "Qnap" for product "Qts" and version "4.3.3.1315" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.1386 Search vendor "Qnap" for product "Qts" and version "4.3.3.1386" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.3.1432 Search vendor "Qnap" for product "Qts" and version "4.3.3.1432" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6 Search vendor "Qnap" for product "Qts" and version "4.3.6" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.0895 Search vendor "Qnap" for product "Qts" and version "4.3.6.0895" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.0907 Search vendor "Qnap" for product "Qts" and version "4.3.6.0907" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.0923 Search vendor "Qnap" for product "Qts" and version "4.3.6.0923" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.0944 Search vendor "Qnap" for product "Qts" and version "4.3.6.0944" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.0959 Search vendor "Qnap" for product "Qts" and version "4.3.6.0959" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.0979 Search vendor "Qnap" for product "Qts" and version "4.3.6.0979" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.0993 Search vendor "Qnap" for product "Qts" and version "4.3.6.0993" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1013 Search vendor "Qnap" for product "Qts" and version "4.3.6.1013" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1033 Search vendor "Qnap" for product "Qts" and version "4.3.6.1033" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1070 Search vendor "Qnap" for product "Qts" and version "4.3.6.1070" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1154 Search vendor "Qnap" for product "Qts" and version "4.3.6.1154" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1218 Search vendor "Qnap" for product "Qts" and version "4.3.6.1218" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1263 Search vendor "Qnap" for product "Qts" and version "4.3.6.1263" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1286 Search vendor "Qnap" for product "Qts" and version "4.3.6.1286" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1333 Search vendor "Qnap" for product "Qts" and version "4.3.6.1333" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1411 Search vendor "Qnap" for product "Qts" and version "4.3.6.1411" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.3.6.1446 Search vendor "Qnap" for product "Qts" and version "4.3.6.1446" | - |
Affected
| ||||||