CVE-2019-7194

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*

History

22 Apr 2022, 19:59

Type Values Removed Values Added
CWE CWE-610 CWE-22
References (MISC) http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html - (MISC) http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2019-12-05 17:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-7194

Mitre link : CVE-2019-7194

CVE.ORG link : CVE-2019-7194


JSON object : View

Products Affected

qnap

  • qts
  • photo_station
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')