QNAP Photo Station vulnerabilities

25 known vulnerabilities affecting qnap/photo_station.

Total CVEs: 25
CISA KEV: 4 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 6, HIGH 2, MEDIUM 16, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2019-7192 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 6.0.3 | fixed in 5.7.10 | +2 more | 2019-12-05
CVE-2019-7192 [CRITICAL] CWE-863: This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Source: nvd
CVE-2019-7195 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 6.0.3 | fixed in 5.7.10 | +2 more | 2019-12-05
CVE-2019-7195 [CRITICAL] CWE-22: This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
Source: nvd
CVE-2018-0722 | HIGH | CVSS 7.5 | ≥ 5.7.0, ≤ 5.7.2 | ≥ 5.4.0, ≤ 5.4.4 | +2 more | 2019-02-01
CVE-2018-0722 [HIGH] CWE-22: Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
Sources: cvelistv5, nvd
CVE-2018-0715 | MEDIUM | CVSS 6.1 | PoC | ≤ 5.7.0 | versions 5.7.0 and earlier | 2018-08-27
CVE-2018-0715 [MEDIUM] CWE-79: Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application.
Sources: cvelistv5, nvd
CVE-2017-13073 | MEDIUM | CVSS 6.1 | ≥ 5.2.0, ≤ 5.2.7 | ≥ 5.4.0, ≤ 5.4.3 | +2 more | 2018-04-23
CVE-2017-13073 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
Sources: cvelistv5, nvd