CVE-2018-19957
Published 2021-09-10
Priority: P4 28
Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.69% (48.0th percentile)
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions:
- QTS 4.5.4.1715 build 20210630 and later
- QuTS hero h4.5.4.1771 build 20210825 and later
- QuTScloud c4.5.6.1755 build 20210809 and later
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | < 4.5.4.1715 | 4.5.4.1715 |
| qnap | quts_hero | < h4.5.4.1771 | h4.5.4.1771 |
| qnap | qutscloud | < c4.5.6.1755 | c4.5.6.1755 |
| qnap_systems_inc | qts | >= unspecified < 4.5.4.1715 build 20210630 | 4.5.4.1715 build 20210630 |
| qnap_systems_inc | quts_hero | >= unspecified < h4.5.4.1771 build 20210825 | h4.5.4.1771 build 20210825 |
| qnap_systems_inc | qutscloud | >= unspecified < c4.5.6.1755 build 20210809 | c4.5.6.1755 build 20210809 |
CVSS provenance
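| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |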
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.