CVE-2018-19949
Published 2020-10-28
Priority: P196 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability · due 2022-06-14
Exploited in the wild
EPSS: 24.45% (97.6th percentile)
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | < 4.2.6 | 4.2.6 |
| qnap | qts | — | — |
| qnap | qts | >= 4.3.1.0013 < 4.3.3.1161 | 4.3.3.1161 |
| qnap | qts | >= 4.3.4 < 4.3.4.1190 | 4.3.4.1190 |
| qnap | qts | >= 4.3.6 < 4.3.6.1218 | 4.3.6.1218 |
| qnap | qts | >= 4.4.0 < 4.4.1.1201 | 4.4.1.1201 |
| qnap | qts | >= 4.4.2 < 4.4.2.1231 | 4.4.2.1231 |
| qnap_systems_inc | qts | >= unspecified < 4.4.2.1231 | 4.4.2.1231 |
| qnap_systems_inc | qts | >= unspecified < 4.4.1.1201 | 4.4.1.1201 |
| qnap_systems_inc | qts | >= unspecified < 4.3.6.1218 | 4.3.6.1218 |
| qnap_systems_inc | qts | >= unspecified < 4.3.4.1190 | 4.3.4.1190 |
| qnap_systems_inc | qts | >= unspecified < 4.3.3.1161 | 4.3.3.1161 |
| qnap_systems_inc | qts | >= unspecified < 4.2.6 | 4.2.6 |
Detection & IOCs
- Vulnerability resides in the QNAP NAS File Station component; monitor for unexpected command execution originating from File Station processes on QNAP NAS devices
- Target platform is QNAP Network Attached Storage (NAS); scope detection to QNAP NAS devices running QTS versions prior to the fixed builds
- Fixed in QTS 4.4.2.1231 build 20200302; earlier builds are vulnerable. Ensure the patched build is confirmed before removing detection coverage
CVSS provenance
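| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |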
GHSA
GHSA-h9cw-v634-8jcw: If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands
ghsa_unreviewed·2022-05-24
CVE-2018-19949 [CRITICAL] CWE-20 GHSA-h9cw-v634-8jcw: If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands
VulnCheck
QNAP NAS File Station Command Injection Vulnerability
vulncheck·2018·CVSS 9.8
CVE-2018-19949 [CRITICAL] CWE-20 QNAP NAS File Station Command Injection Vulnerability
A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.
Affected: QNAP Network-Attached Storage (NAS)
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References:
- https://www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/
- https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compressed.pdf
- https://cybersecurityworks.com/howdymanage/uploads/file/RansomwareUpdate%20Report%202022%20Q1.pdf
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-14
CISA
QNAP NAS File Station Command Injection Vulnerability
cisa·2022-05-24·CVSS 9.8
CVE-2018-19949 [CRITICAL] CWE-20 QNAP NAS File Station Command Injection Vulnerability
Vulnerability: QNAP NAS File Station Command Injection Vulnerability
Affected: QNAP Network Attached Storage (NAS)
A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-19949
Remediation Due Date: 2022-06-14
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-10-28: Published
2022-05-24: Added to CISA KEV
Exploited in the wild