ByteOS Network

NVD Vulnerability Details :

CVE-2018-19950

Analyzed

Source-security@qnapsecurity.com.tw

Published At-02 Nov, 2020 | 16:15

Updated At-16 Nov, 2022 | 15:30

If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

QNAP Systems, Inc.

>>qts>>4.4.3

cpe:2.3:o:qnap:qts:4.4.3:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>music_station>>Versions from 5.3.0(inclusive) to 5.3.11(exclusive)

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4

cpe:2.3:o:qnap:qts:4.3.4:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>music_station>>Versions before 5.1.13(exclusive)

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.6

cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>music_station>>Versions from 5.2.0(inclusive) to 5.2.9(exclusive)

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3

cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>music_station>>Versions before 5.1.13(exclusive)

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-77	Primary	nvd@nist.gov
CWE-77	Secondary	security@qnapsecurity.com.tw
CWE-78	Secondary	security@qnapsecurity.com.tw

References

Hyperlink	Source	Resource
https://www.qnap.com/en/security-advisory/qsa-20-10	security@qnapsecurity.com.tw	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History