An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
2021-04-17T04:15:11.610
2024-11-21T05:28:59.553
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | qnap | qts | < 4.3.3 | Yes |
| Operating System | qnap | qts | < 4.3.6 | Yes |
| Operating System | qnap | qts | 4.3.3 | Yes |
| Operating System | qnap | qts | 4.3.3.0095 | Yes |
| Operating System | qnap | qts | 4.3.3.0096 | Yes |
| Operating System | qnap | qts | 4.3.3.0136 | Yes |
| Operating System | qnap | qts | 4.3.3.0154 | Yes |
| Operating System | qnap | qts | 4.3.3.0174 | Yes |
| Operating System | qnap | qts | 4.3.3.0188 | Yes |
| Operating System | qnap | qts | 4.3.3.0210 | Yes |
| Operating System | qnap | qts | 4.3.3.0229 | Yes |
| Operating System | qnap | qts | 4.3.3.0238 | Yes |
| Operating System | qnap | qts | 4.3.3.0262 | Yes |
| Operating System | qnap | qts | 4.3.3.0299 | Yes |
| Operating System | qnap | qts | 4.3.3.0351 | Yes |
| Operating System | qnap | qts | 4.3.3.0353 | Yes |
| Operating System | qnap | qts | 4.3.3.0361 | Yes |
| Operating System | qnap | qts | 4.3.3.0369 | Yes |
| Operating System | qnap | qts | 4.3.3.0378 | Yes |
| Operating System | qnap | qts | 4.3.3.0396 | Yes |
| Operating System | qnap | qts | 4.3.3.0404 | Yes |
| Operating System | qnap | qts | 4.3.3.0416 | Yes |
| Operating System | qnap | qts | 4.3.3.0418 | Yes |
| Operating System | qnap | qts | 4.3.3.0448 | Yes |
| Operating System | qnap | qts | 4.3.3.0514 | Yes |
| Operating System | qnap | qts | 4.3.3.0546 | Yes |
| Operating System | qnap | qts | 4.3.3.0570 | Yes |
| Operating System | qnap | qts | 4.3.3.0868 | Yes |
| Operating System | qnap | qts | 4.3.3.0998 | Yes |
| Operating System | qnap | qts | 4.3.3.1051 | Yes |
| Operating System | qnap | qts | 4.3.3.1098 | Yes |
| Operating System | qnap | qts | 4.3.3.1161 | Yes |
| Operating System | qnap | qts | 4.3.3.1252 | Yes |
| Operating System | qnap | qts | 4.3.3.1315 | Yes |
| Operating System | qnap | qts | 4.3.3.1386 | Yes |
| Operating System | qnap | qts | 4.3.3.1432 | Yes |
| Operating System | qnap | qts | 4.3.6 | Yes |
| Operating System | qnap | qts | 4.3.6.0895 | Yes |
| Operating System | qnap | qts | 4.3.6.0907 | Yes |
| Operating System | qnap | qts | 4.3.6.0923 | Yes |
| Operating System | qnap | qts | 4.3.6.0944 | Yes |
| Operating System | qnap | qts | 4.3.6.0959 | Yes |
| Operating System | qnap | qts | 4.3.6.0979 | Yes |
| Operating System | qnap | qts | 4.3.6.0993 | Yes |
| Operating System | qnap | qts | 4.3.6.1013 | Yes |
| Operating System | qnap | qts | 4.3.6.1033 | Yes |
| Operating System | qnap | qts | 4.3.6.1070 | Yes |
| Operating System | qnap | qts | 4.3.6.1154 | Yes |
| Operating System | qnap | qts | 4.3.6.1218 | Yes |
| Operating System | qnap | qts | 4.3.6.1263 | Yes |
| Operating System | qnap | qts | 4.3.6.1286 | Yes |
| Operating System | qnap | qts | 4.3.6.1333 | Yes |
| Operating System | qnap | qts | 4.3.6.1411 | Yes |
| Operating System | qnap | qts | 4.3.6.1446 | Yes |
| Application | qnap | media_streaming_add-on | < 430.1.8.10 | Yes |
| Operating System | qnap | qts | 4.3.3 | No |
| Application | qnap | media_streaming_add-on | < 430.1.8.8 | Yes |
| Operating System | qnap | qts | 4.3.6 | No |
| Application | qnap | multimedia_console | < 1.3.4 | Yes |
| Operating System | qnap | qts | ≥ 4.4.0 | No |