⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-06-22.

CVE-2019-7192Incorrect Authorization in Qnap Photo Station

CWE-863Incorrect AuthorizationCWE-269Improper Privilege Management6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
94.3%
top 0.05%
CISA KEV
KEVRansomware
Added 2022-06-08
Due 2022-06-22
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Qnap Photo Station
Timeline
PublishedDec 5
KEV addedJun 8
KEV dueJun 22
CISA Required Action: Apply updates per vendor instructions.

Description

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDqnap/photo_station< 6.0.3+3

🔴Vulnerability Details

3
GHSA
GHSA-9p75-w4p8-7gvx: This improper access control vulnerability allows remote attackers to gain unauthorized access to the system2022-05-24
CVEList
CVE-2019-7192: This improper access control vulnerability allows remote attackers to gain unauthorized access to the system2019-12-05
VulnCheck
QNAP Photo Station Improper Access Control Vulnerability2019

💥Exploits & PoCs

1
Nuclei
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

📋Vendor Advisories

1
CISA
QNAP Photo Station Improper Access Control Vulnerability2022-06-08
CVE-2019-7192 — Incorrect Authorization in Qnap | cvebase