CVE-2023-39299

Music Station

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.

We have already fixed the vulnerability in the following versions:
Music Station 4.8.11 and later
Music Station 5.1.16 and later
Music Station 5.3.23 and later

Se ha informado que una vulnerabilidad de path traversal que afecta a Music Station. Si se explota, la vulnerabilidad podría permitir a los usuarios leer el contenido de archivos inesperados y exponer datos confidenciales a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: Music Station 4.8.11 y posteriores Music Station 5.1.16 y posteriores Music Station 5.3.23 y posteriores

*Credits: fredoun

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-07-27 CVE Reserved
2023-11-03 CVE Published
2023-11-15 EPSS Updated
2024-09-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

CAPEC-126: Path Traversal

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.qnap.com/en/security-advisory/qsa-23-61	2023-11-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qnap Search vendor "Qnap"		Music Station Search vendor "Qnap" for product "Music Station"				>= 4.8.0 < 4.8.11 Search vendor "Qnap" for product "Music Station" and version " >= 4.8.0 < 4.8.11"		-		Affected
Qnap Search vendor "Qnap"		Music Station Search vendor "Qnap" for product "Music Station"				>= 5.1.0 < 5.1.16 Search vendor "Qnap" for product "Music Station" and version " >= 5.1.0 < 5.1.16"		-		Affected
Qnap Search vendor "Qnap"		Music Station Search vendor "Qnap" for product "Music Station"				>= 5.3.0 < 5.3.23 Search vendor "Qnap" for product "Music Station" and version " >= 5.3.0 < 5.3.23"		-		Affected