CVE-2017-13069

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
5.7%
top 9.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap Music Station
Timeline
PublishedOct 6
Latest updateMay 17

Description

QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDqnap/music_station4.8.6+1

🔴Vulnerability Details

2
GHSA
GHSA-w899-6vwg-gf6x: QNAP discovered a number of command injection vulnerabilities found in Music Station versions 42022-05-17
CVEList
CVE-2017-13069: QNAP discovered a number of command injection vulnerabilities found in Music Station versions 42017-10-06
CVE-2017-13069 (CRITICAL CVSS 9.8) | QNAP discovered a number of command | cvebase.io