CVE-2018-0729

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
3.5%
top 12.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap Music Station
Timeline
PublishedDec 4
Latest updateMay 24

Description

This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDqnap/music_station< 5.3.5+3
CVEListV5qnap_nas_devicesQTS 4.4.1: Music Station before version 5.3.5, QTS 4.3.6: Music Station before version 5.2.7, QTS 4.3.4: Music Station before version 5.1.11, QTS 4.3.3: Music Station before version 5.1.11, QTS 4.2.6: Music Station before version 4.8.8

🔴Vulnerability Details

2
GHSA
GHSA-58wh-7jpg-vjqr: This command injection vulnerability in Music Station allows attackers to execute commands on the affected device2022-05-24
CVEList
CVE-2018-0729: This command injection vulnerability in Music Station allows attackers to execute commands on the affected device2019-12-04
CVE-2018-0729 (CRITICAL CVSS 9.8) | This command injection vulnerabilit | cvebase.io