← Zuruck zu CVEs
CVE-2018-19949
CRITICALCISA KEV9.8
Beschreibung
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/28/2020
Zuletzt geandert11/3/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerQNAP
ProduktNetwork Attached Storage (NAS)
SchwachstellennameQNAP NAS File Station Command Injection Vulnerability
KEV Aufnahmedatum2022-05-24
Behebungsfrist2022-06-14
Ransomware-NutzungKnown
Betroffene Produkte
qnap:qts
Schwachen (CWE)
CWE-20CWE-77CWE-78CWE-77
Referenzen
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01(security@qnapsecurity.com.tw)
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19949(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.