CVE-2020-36197

CWE-284Improper Access ControlCWE-22Path Traversal4 documents4 sources
Severity
8.8HIGH
EPSS
2.6%
top 14.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Music StationQnap Music Station
Timeline
PublishedMay 13
Latest updateMay 24

Description

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS her

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5qnap_systems_inc./music_stationunspecified5.3.16+2
NVDqnap/music_station< 5.3.16+2

Patches

Patch: packetstormsecurity.comPatch: packetstormsecurity.com

🔴Vulnerability Details

2
GHSA
GHSA-7mc6-7xwc-c4wg: An improper access control vulnerability has been reported to affect earlier versions of Music Station2022-05-24
CVEList
Improper Access Control Vulnerability in Music Station2021-05-13

🔍Detection Rules

1
Suricata
ET EXPLOIT QNAP MusicStation Pre-Auth RCE Inbound (CVE-2020-36197)2021-05-24
CVE-2020-36197 (HIGH CVSS 8.8) | An improper access control vulnerab | cvebase.io