Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-36197

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4.

Published

2021-05-13T03:15:06.760

Last Modified

2024-11-21T05:28:59.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

6.5

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-284
  • Type: Secondary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application qnap music_station < 5.3.16 Yes
Operating System qnap qts 4.5.2 No
Application qnap music_station < 5.2.10 Yes
Operating System qnap qts 4.3.6 No
Application qnap music_station < 5.1.14 Yes
Operating System qnap qts 4.3.3 No
Application qnap music_station < 5.3.16 Yes
Operating System qnap quts_hero h4.5.2 No
Application qnap music_station < 5.3.16 Yes
Operating System qnap qutscloud c4.5.4 No
References