Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-7183

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.

Published

2019-12-05T17:15:12.763

Last Modified

2024-11-21T04:47:44.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.3.3.0868	Yes
Operating System	qnap	qts	4.3.3.0998	Yes
Operating System	qnap	qts	4.3.4.0899	Yes
Operating System	qnap	qts	4.3.4.1029	Yes
Operating System	qnap	qts	4.3.6.0895	Yes
Operating System	qnap	qts	4.3.6.0907	Yes
Operating System	qnap	qts	4.3.6.0923	Yes
Operating System	qnap	qts	4.3.6.0944	Yes
Operating System	qnap	qts	4.3.6.0959	Yes
Operating System	qnap	qts	4.3.6.0979	Yes
Operating System	qnap	qts	4.3.6.0993	Yes
Operating System	qnap	qts	4.3.6.1013	Yes
Operating System	qnap	qts	4.3.6.1033	Yes
Operating System	qnap	qts	4.4.1.0948	Yes
Operating System	qnap	qts	4.4.1.0949	Yes
Operating System	qnap	qts	4.4.1.0978	Yes
Operating System	qnap	qts	4.4.1.0998	Yes
Operating System	qnap	qts	4.4.1.0999	Yes
Operating System	qnap	qts	4.4.1.1031	Yes
Operating System	qnap	qts	4.4.1.1033	Yes
Operating System	qnap	qts	4.4.1.1064	Yes
Operating System	qnap	qts	4.4.1.1081	Yes
Operating System	qnap	qts	4.4.1.1086	Yes
Operating System	qnap	qts	4.4.1.1101	Yes

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 Vendor Advisory ([email protected])
https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)