var-202011-1206
Vulnerability from variot
If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects QNAP Systems Inc. Music Station: versions prior to 5.1.13; 5.2.x versions prior to 5.2.9; and 5.3.x versions prior to 5.3.11. The vendor advisory for this issue is QSA-20-10. QNAP Music Station contains command injection (CWE-77) and OS command injection (CWE-78) vulnerabilities. As a result, information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. QNAP Systems TS-870 is a NAS (Network Attached Storage) device from China's QNAP Systems.
A command injection vulnerability exists in the UserName value used by the file upload function of Music Station on the QNAP Systems TS-870 with firmware version 4.3.4.0486.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1206", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "music station", "scope": "lt", "trust": 1.0, "vendor": "qnap", "version": "5.2.9" }, { "model": "music station", "scope": "gte", "trust": 1.0, "vendor": "qnap", "version": "5.3.0" }, { "model": "music station", "scope": "lt", "trust": 1.0, "vendor": "qnap", 
"version": "5.3.11" }, { "model": "music station", "scope": "lt", "trust": 1.0, "vendor": "qnap", "version": "5.1.13" }, { "model": "music station", "scope": "gte", "trust": 1.0, "vendor": "qnap", "version": "5.2.0" }, { "model": "music station", "scope": "eq", "trust": 0.8, "vendor": "qnap", "version": "5.3.11" }, { "model": "music station", "scope": "eq", "trust": 0.8, "vendor": "qnap", "version": null }, { "model": "music station", "scope": "eq", "trust": 0.8, "vendor": "qnap", "version": "5.2.9" }, { "model": "music station", "scope": "eq", "trust": 0.8, "vendor": "qnap", "version": "5.1.13" }, { "model": "systems ts-870", "scope": "eq", "trust": 0.6, "vendor": "qnap", "version": "4.3.4.0486" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-62934" }, { "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "db": "NVD", "id": "CVE-2018-19950" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rick Ramgattie,Shaun Mirani, Joshua Meyer, and Ian Sindermann", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-926" } ], "trust": 0.6 }, "cve": "CVE-2018-19950", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-19950", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-62934", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-19950", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-19950", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-19950", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-19950", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-62934", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201909-926", "trust": 0.6, "value": "CRITICAL" }, { "author": 
"VULMON", "id": "CVE-2018-19950", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-62934" }, { "db": "VULMON", "id": "CVE-2018-19950" }, { "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "db": "CNNVD", "id": "CNNVD-201909-926" }, { "db": "NVD", "id": "CVE-2018-19950" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. QNAP Music Station Has OS There are command injection vulnerabilities and command injection vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. 
\n\r\n\r\nThe UserName of the Music Station that uses the file upload function of QNAP Systems TS-870 with firmware version 4.3.4.0486 has a command injection vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2018-19950" }, { "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "db": "CNVD", "id": "CNVD-2020-62934" }, { "db": "VULMON", "id": "CVE-2018-19950" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-19950", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-016514", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-62934", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201909-926", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2018-19950", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-62934" }, { "db": "VULMON", "id": "CVE-2018-19950" }, { "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "db": "CNNVD", "id": "CNNVD-201909-926" }, { "db": "NVD", "id": "CVE-2018-19950" } ] }, "id": "VAR-202011-1206", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-62934" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-62934" } ] }, "last_update_date": "2024-11-23T23:01:11.826000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "QSA-20-10", "trust": 0.8, "url": "https://www.qnap.com/en/security-advisory/qsa-20-10" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016514" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "CWE-78", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "db": "NVD", "id": "CVE-2018-19950" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.qnap.com/en/security-advisory/qsa-20-10" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19950" }, { "trust": 0.6, "url": "https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/78.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/77.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-62934" }, { "db": "VULMON", "id": "CVE-2018-19950" }, { "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "db": "CNNVD", "id": "CNNVD-201909-926" }, { "db": "NVD", "id": "CVE-2018-19950" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-62934" }, { "db": "VULMON", "id": "CVE-2018-19950" }, { "db": "JVNDB", 
"id": "JVNDB-2018-016514" }, { "db": "CNNVD", "id": "CNNVD-201909-926" }, { "db": "NVD", "id": "CVE-2018-19950" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-11-13T00:00:00", "db": "CNVD", "id": "CNVD-2020-62934" }, { "date": "2020-11-02T00:00:00", "db": "VULMON", "id": "CVE-2018-19950" }, { "date": "2021-05-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "date": "2019-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-926" }, { "date": "2020-11-02T16:15:13.020000", "db": "NVD", "id": "CVE-2018-19950" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-11-13T00:00:00", "db": "CNVD", "id": "CNVD-2020-62934" }, { "date": "2020-11-02T00:00:00", "db": "VULMON", "id": "CVE-2018-19950" }, { "date": "2021-05-31T07:26:00", "db": "JVNDB", "id": "JVNDB-2018-016514" }, { "date": "2020-11-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-926" }, { "date": "2024-11-21T03:58:52.370000", "db": "NVD", "id": "CVE-2018-19950" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-926" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "QNAP\u00a0Music\u00a0Station\u00a0 In \u00a0OS\u00a0 Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016514" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-926" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.