PT-2021-4453 · QNAP · Media Streaming Add-On
Yaniv Puyeski · Published 2021-04-17 · Updated 2021-04-23
CVE-2020-36195
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
QNAP NAS versions prior to QTS 4.3.3.1624 Build 20210416
QNAP NAS versions prior to QTS 4.3.6.1620 Build 20210322
QNAP NAS Multimedia Console versions prior to 1.3.4
QNAP NAS Media Streaming add-on versions prior to 430.1.8.8
QNAP NAS Media Streaming add-on versions prior to 430.1.8.10
Description
A SQL injection vulnerability has been reported in QNAP NAS devices running Multimedia Console or the Media Streaming add-on. Remote attackers can exploit it to obtain application information. The flaw is related to a lack of protection against attacks on SQL query structure.
Recommendations
For QNAP NAS versions prior to QTS 4.3.3.1624 Build 20210416, update to QTS 4.3.3.1624 Build 20210416 or later.
For QNAP NAS versions prior to QTS 4.3.6.1620 Build 20210322, update to QTS 4.3.6.1620 Build 20210322 or later.
For QNAP NAS Multimedia Console versions prior to 1.3.4, update to Multimedia Console 1.3.4 or later.
For QNAP NAS Media Streaming add-on versions prior to 430.1.8.8, update to Media Streaming add-on 430.1.8.8 or later.
For QNAP NAS Media Streaming add-on versions prior to 430.1.8.10, update to Media Streaming add-on 430.1.8.10 or later.
Fix
RCE
SQL injection
Affected Products
Media Streaming Add-On
Multimedia Console
QNAP NAS
QTS