[CVE-2019-7193] QNAP QTS Improper Input Validation Vulnerability

CISA KEV 정보

취약점명	QNAP QTS Improper Input Validation Vulnerability
설명	QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
조치사항	Apply updates per vendor instructions.
랜섬웨어 캠페인 악용	Known
CWE	CWE-20
등록일 (KEV)	2022-06-08
조치 기한	2022-06-22
추가 참고	https://nvd.nist.gov/vuln/detail/CVE-2019-7193

NVD 상세 정보

CVSS v3.1: 9.8 CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

설명: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

CWE: CWE-20

참조

http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html [Exploit, Third Party Advisory, VDB Entry]
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 [Vendor Advisory]
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html [Exploit, Third Party Advisory, VDB Entry]
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 [Vendor Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7193 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2019-7193] QNAP QTS Improper Input Validation Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍