CVE-2018-0730 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Severity

98%

Complexity

39%

Confidentiality

98%

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

QNAP QTS

First reported 5 years ago

2019-12-04 17:16:00

Last updated 5 years ago

2019-12-10 16:35:00

Affected Software

QNAP QTS 4.2.6

4.2.6

QNAP QTS 4.3.6.0895

4.3.6.0895

QNAP QTS 4.3.6.0907

4.3.6.0907

QNAP QTS 4.3.6.0923

4.3.6.0923

QNAP QTS 4.3.6.0944

4.3.6.0944

QNAP QTS 4.3.6.0959

4.3.6.0959

QNAP QTS 4.3.6.0979

4.3.6.0979

QNAP QTS 4.3.6.0993

4.3.6.0993

QNAP QTS 4.3.6.1013

4.3.6.1013

QNAP QTS 4.3.6.1033

4.3.6.1033

QNAP QTS 4.4.1.0948 Beta

4.4.1.0948

QNAP QTS 4.4.1.0949 Beta

4.4.1.0949

QNAP QTS 4.4.1.0978 Beta 2

4.4.1.0978

QNAP QTS 4.4.1.0998 Beta 3

4.4.1.0998

QNAP QTS 4.4.1.0999 Beta 3

4.4.1.0999

QNAP QTS 4.4.1.1031 Beta 4

4.4.1.1031

QNAP QTS 4.4.1.1033 Beta 4

4.4.1.1033

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-20

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.