PT-2019-6064 · Qnap · Qnap Photo Station

Henry Huang

Publicado

2019-10-25

Atualizado

2025-02-13

CVE-2019-7194

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QNAP Photo Station (affected versions not specified)

Description This issue allows remote attackers to access or modify system files due to external control of file name or path. It is related to incorrect limitation of the directory path name with limited access. Exploitation may allow a remote attacker to compromise data integrity.

Recommendations To fix the vulnerability, update Photo Station to the latest version. As a temporary workaround, consider restricting access to sensitive system files until the update is applied. Avoid using the vulnerable Photo Station version until it is updated to the latest version.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

BDU:2021-04393

CVE-2019-7194

Produtos afetados

Qnap Photo Station

PT-2019-6064 · Qnap · Qnap Photo Station

CVE-2019-7194

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10