1. CVE-Search
  2. CVE-2019-7192
ID CVE-2019-7192
Summary This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
References
Vulnerable Configurations
  • cpe:2.3:a:qnap:photo_station:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:5.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:5.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:qnap:photo_station:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:qnap:photo_station:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
    cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
  • cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 22-04-2022 - 19:59)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
misc http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Last major update 22-04-2022 - 19:59
Published 05-12-2019 - 17:15
Last modified 22-04-2022 - 19:59
Back to Top