← back
CVE-2019-7192

CVE-2019-7192

CVSS 9.8 CRITICALEPSS 88.2%● KEVCWE-863
In short

Photo Station has a flaw that lets remote attackers bypass access controls and gain unauthorized access to the system without proper authentication. This is critical because attackers can take control of the affected system from the internet.

Technical detail

CWE-863 improper access control vulnerability in Photo Station allows remote attackers to bypass authentication mechanisms and gain unauthorized system access. The vulnerability requires network access but no user interaction, resulting in complete compromise of system confidentiality, integrity, and availability.

Summary generated and translated by AI from the official description.
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · QNAP NAS devices running Photo Station
public PoCs found3
githubgithub.com/th3gundy/CVE-2019-7192_QNAP_Exploit87githubgithub.com/cycraft-corp/cve-2019-7192-check13cve_referencepacketstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192https://www.qnap.com/zh-tw/security-advisory/nas-201911-25