PT-2021-11964 · Qnap · Quts Hero+3
Polict
·
Published
2021-05-13
·
Updated
2021-06-21
·
CVE-2020-36197
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Music Station versions prior to 5.3.16 on QTS 4.5.2
Music Station versions prior to 5.2.10 on QTS 4.3.6
Music Station versions prior to 5.1.14 on QTS 4.3.3
Music Station versions prior to 5.3.16 on QuTS hero h4.5.2
Music Station versions prior to 5.3.16 on QuTScloud c4.5.4
Description:
An improper access control issue has been reported, affecting earlier versions of Music Station. This issue allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, and evading detection.
Recommendations:
For Music Station versions prior to 5.3.16 on QTS 4.5.2, update to version 5.3.16 or later.
For Music Station versions prior to 5.2.10 on QTS 4.3.6, update to version 5.2.10 or later.
For Music Station versions prior to 5.1.14 on QTS 4.3.3, update to version 5.1.14 or later.
For Music Station versions prior to 5.3.16 on QuTS hero h4.5.2, update to version 5.3.16 or later.
For Music Station versions prior to 5.3.16 on QuTScloud c4.5.4, update to version 5.3.16 or later.
Fix
Improper Access Control
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Music Station
Qts
Quts Hero
Qutscloud