Description

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later

Related CPE's

o

qnap

qts

57

a

qnap

media_streaming_add-on

2

a

qnap

multimedia_console

Vulnerable

References

https://www.qnap.com/en/security-advisory/qsa-21-11

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-89

[email protected]

Secondary
CWE-20CWE-89CWE-943

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-17T04:15:11.610

4 years ago

Last modified

2021-04-23T14:12:11.347

4 years ago