CVE-2018-0718

CWE-77 — Command Injection5 documents4 sources

Severity

9.8CRITICAL

EPSS

5.7%

top 9.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Music Station

Timeline

PublishedSep 14

Latest updateJan 13

Description

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDqnap/music_station5.1.2

▶CVEListV5qnap/music_station5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2025-01-13

▶

OSV

libxmltok vulnerabilities↗2022-07-19

▶

GHSA

GHSA-gw52-pwgm-mrx7: Command injection vulnerability in Music Station 5↗2022-05-13

▶

CVEList

CVE-2018-0718: Command injection vulnerability in Music Station 5↗2018-09-14

▶