PT-2019-8708 · Qnap · Qts+1

Yoni Ramon

Published

2019-02-01

Updated

2019-02-12

CVE-2018-0722

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions QTS versions prior to 4.3.4 with Photo Station versions prior to 5.7.2 QTS version 4.3.3 with Photo Station versions prior to 5.4.4 QTS version 4.2.6 with Photo Station versions prior to 5.2.8

Description The issue allows remote attackers to access sensitive information on the device due to a Path Traversal vulnerability in Photo Station.

Recommendations For QTS versions prior to 4.3.4 with Photo Station versions prior to 5.7.2, update Photo Station to version 5.7.2 or later. For QTS version 4.3.3 with Photo Station versions prior to 5.4.4, update Photo Station to version 5.4.4 or later. For QTS version 4.2.6 with Photo Station versions prior to 5.2.8, update Photo Station to version 5.2.8 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-0722

Affected Products

Photo Station

Qts

PT-2019-8708 · Qnap · Qts+1

CVE-2018-0722

Weakness Enumeration

Related Identifiers

Affected Products

References · 3