CVE-2020-36195

SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On

  • Severity Score (CVSS v3.1): 9.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on:

  • QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later
  • QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later
  • QTS 4.4.x and later: Multimedia Console 1.3.4 and later

We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:

  • QTS 4.3.3.1624 Build 20210416 or later
  • QTS 4.3.6.1620 Build 20210322 or later

*Credits: Yaniv Puyeski
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-01-19 CVE Reserved
  • 2021-04-17 CVE Published
  • 2023-12-31 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE-943: Improper Neutralization of Special Elements in Data Query Logic
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Qnap | Media Streaming Add-on | < 430.1.8.10 | - | Affected |
| in Qnap | Qts | 4.3.3 | - | Safe |
| Qnap | Media Streaming Add-on | < 430.1.8.8 | - | Affected |
| in Qnap | Qts | 4.3.6 | - | Safe |
| Qnap | Multimedia Console | < 1.3.4 | - | Affected |
| in Qnap | Qts | >= 4.4.0 | - | Safe |
| Qnap | Qts | < 4.3.3 | - | Affected |
| Qnap | Qts | >= 4.3.4 < 4.3.6 | - | Affected |
| Qnap | Qts | 4.3.3 | - | Affected |
| Qnap | Qts | 4.3.3.0095 | - | Affected |
| Qnap | Qts | 4.3.3.0096 | - | Affected |
| Qnap | Qts | 4.3.3.0136 | - | Affected |
| Qnap | Qts | 4.3.3.0154 | - | Affected |
| Qnap | Qts | 4.3.3.0174 | - | Affected |
| Qnap | Qts | 4.3.3.0188 | - | Affected |
| Qnap | Qts | 4.3.3.0210 | - | Affected |
| Qnap | Qts | 4.3.3.0229 | - | Affected |
| Qnap | Qts | 4.3.3.0238 | - | Affected |
| Qnap | Qts | 4.3.3.0262 | - | Affected |
| Qnap | Qts | 4.3.3.0299 | - | Affected |
| Qnap | Qts | 4.3.3.0351 | - | Affected |
| Qnap | Qts | 4.3.3.0353 | - | Affected |
| Qnap | Qts | 4.3.3.0361 | - | Affected |
| Qnap | Qts | 4.3.3.0369 | - | Affected |
| Qnap | Qts | 4.3.3.0378 | - | Affected |
| Qnap | Qts | 4.3.3.0396 | - | Affected |
| Qnap | Qts | 4.3.3.0404 | - | Affected |
| Qnap | Qts | 4.3.3.0416 | - | Affected |
| Qnap | Qts | 4.3.3.0418 | - | Affected |
| Qnap | Qts | 4.3.3.0448 | - | Affected |
| Qnap | Qts | 4.3.3.0514 | - | Affected |
| Qnap | Qts | 4.3.3.0546 | - | Affected |
| Qnap | Qts | 4.3.3.0570 | - | Affected |
| Qnap | Qts | 4.3.3.0868 | - | Affected |
| Qnap | Qts | 4.3.3.0998 | - | Affected |
| Qnap | Qts | 4.3.3.1051 | - | Affected |
| Qnap | Qts | 4.3.3.1098 | - | Affected |
| Qnap | Qts | 4.3.3.1161 | - | Affected |
| Qnap | Qts | 4.3.3.1252 | - | Affected |
| Qnap | Qts | 4.3.3.1315 | - | Affected |
| Qnap | Qts | 4.3.3.1386 | - | Affected |
| Qnap | Qts | 4.3.3.1432 | - | Affected |
| Qnap | Qts | 4.3.6 | - | Affected |
| Qnap | Qts | 4.3.6.0895 | - | Affected |
| Qnap | Qts | 4.3.6.0907 | - | Affected |
| Qnap | Qts | 4.3.6.0923 | - | Affected |
| Qnap | Qts | 4.3.6.0944 | - | Affected |
| Qnap | Qts | 4.3.6.0959 | - | Affected |
| Qnap | Qts | 4.3.6.0979 | - | Affected |
| Qnap | Qts | 4.3.6.0993 | - | Affected |
| Qnap | Qts | 4.3.6.1013 | - | Affected |
| Qnap | Qts | 4.3.6.1033 | - | Affected |
| Qnap | Qts | 4.3.6.1070 | - | Affected |
| Qnap | Qts | 4.3.6.1154 | - | Affected |
| Qnap | Qts | 4.3.6.1218 | - | Affected |
| Qnap | Qts | 4.3.6.1263 | - | Affected |
| Qnap | Qts | 4.3.6.1286 | - | Affected |
| Qnap | Qts | 4.3.6.1333 | - | Affected |
| Qnap | Qts | 4.3.6.1411 | - | Affected |
| Qnap | Qts | 4.3.6.1446 | - | Affected |