CVE-2018-19957

🗓️ 10 Sep 2021 04:00:18Reported by qnapType

Vulnerability in QNAP NAS allows remote attackers to launch privacy and security attacks

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2018-19957 Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud	10 Sep 202104:00	–	cvelist
EUVD	EUVD-2018-11628	7 Oct 202500:30	–	euvd
NVD	CVE-2018-19957	10 Sep 202104:15	–	nvd
OpenVAS	QNAP QTS HTTP Security Header Vulnerability (QSA-21-03)	13 Sep 202100:00	–	openvas
Prion	Design/Logic Flaw	10 Sep 202104:15	–	prion
Tenable Nessus	QNAP QTS / QuTS hero Insufficient HTTP Security Headers (QSA-21-03)	7 Apr 202200:00	–	nessus
Tenable Nessus	Qnap QTS Improper Restriction of Rendered UI Layers or Frames (CVE-2018-19957)	16 Oct 202400:00	–	nessus

NVD

Node

qnap qtsRange<4.5.4.1715

qnap quts_heroRange<h4.5.4.1771

qnap qutscloudRange<c4.5.6.1755

[
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.4.1715 build 20210630",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.4.1771 build 20210825",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c4.5.6.1755 build 20210809",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-21-03

21 Nov 2024 03:58Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 3.16.1

EPSS0.00317

CWE-1021