CVE-2019-7193
Published 2019-12-05
CVE-2019-7193: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating…
Priority P188 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability · due 2022-06-22
Exploited in the wild
EPSS: 14.37% (96.2th percentile)
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | — | — |
CVSS provenance
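| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |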
GHSA
GHSA-964w-hfj4-c2g7: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system
ghsa_unreviewed·2022-05-24
CVE-2019-7193 [HIGH] CWE-20 GHSA-964w-hfj4-c2g7: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
VulnCheck
QNAP QTS Improper Input Validation Vulnerability
vulncheck·2019·CVSS 9.8
CVE-2019-7193 [CRITICAL] CWE-20 QNAP QTS Improper Input Validation Vulnerability
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
Affected: QNAP QTS
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compressed.pdf; https://www.cisa.gov/uscert/ncas/alerts/aa22-158a; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cisa.gov/news-events/cybersecurity-advisories/aa22-158a; https://www.greynoise.io/blog/battling-ransomware-one-tag-at-a-time
Remediation Due: 2022-06-22
CISA
QNAP QTS Improper Input Validation Vulnerability
cisa·2022-06-08·CVSS 9.8
CVE-2019-7193 [CRITICAL] CWE-20 QNAP QTS Improper Input Validation Vulnerability
Vulnerability: QNAP QTS Improper Input Validation Vulnerability
Affected: QNAP QTS
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-7193
Remediation Due Date: 2022-06-22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7193
2019-12-05: Published
2022-06-08: Added to CISA KEV
Exploited in the wild