CVE-2020-36195

CWE-20Improper Input ValidationCWE-89SQL InjectionCWE-943Improper Neutralization of Special Elements in Data Query Logic4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.5%
top 36.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Qnap Systems Inc. Media Streaming Add-onQnap Systems Inc. Multimedia ConsoleQnap Systems Inc. QTS+3 more
Timeline
PublishedApr 17
Latest updateMay 24

Description

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and la

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

CVEListV5qnap_systems_inc./multimedia_consoleunspecified1.3.4
NVDqnap/media_streaming_add-on< 430.1.8.10+1
CVEListV5qnap_systems_inc./media_streaming_add-onunspecified430.1.8.10+1
NVDqnap/qts4.3.44.3.6+53

🔴Vulnerability Details

3
GHSA
GHSA-w8v9-r423-9xg2: An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on2022-05-24
CVEList
SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On2021-04-17
VulnCheck
QNAP QTS Improper Input Validation2020
CVE-2020-36195 (CRITICAL CVSS 9.8) | An SQL injection vulnerability has | cvebase.io