Lucene search

[email protected]CVE-2020-36195

HistoryApr 17, 2021 - 4:15 a.m.

CVE-2020-36195

2021-04-1704:15:11

CWE-943

CWE-89

CWE-20

[email protected]

web.nvd.nist.gov

124

In Wild

cve-2020-36195

sql injection

qnap nas

multimedia console

media streaming

vulnerability

remote exploit

application information

security update

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later

Affected configurations

NVD

Node

qnapqtsRange<4.3.3

qnapqtsRange4.3.4–4.3.6

qnapqtsMatch4.3.3

qnapqtsMatch4.3.3.0095

qnapqtsMatch4.3.3.0096

qnapqtsMatch4.3.3.0136

qnapqtsMatch4.3.3.0154

qnapqtsMatch4.3.3.0174

qnapqtsMatch4.3.3.0188

qnapqtsMatch4.3.3.0210

qnapqtsMatch4.3.3.0229

qnapqtsMatch4.3.3.0238

qnapqtsMatch4.3.3.0262

qnapqtsMatch4.3.3.0299

qnapqtsMatch4.3.3.0351

qnapqtsMatch4.3.3.0353

qnapqtsMatch4.3.3.0361

qnapqtsMatch4.3.3.0369

qnapqtsMatch4.3.3.0378

qnapqtsMatch4.3.3.0396

qnapqtsMatch4.3.3.0404

qnapqtsMatch4.3.3.0416

qnapqtsMatch4.3.3.0418

qnapqtsMatch4.3.3.0448

qnapqtsMatch4.3.3.0514

qnapqtsMatch4.3.3.0546

qnapqtsMatch4.3.3.0570

qnapqtsMatch4.3.3.0868

qnapqtsMatch4.3.3.0998

qnapqtsMatch4.3.3.1051

qnapqtsMatch4.3.3.1098

qnapqtsMatch4.3.3.1161

qnapqtsMatch4.3.3.1252

qnapqtsMatch4.3.3.1315

qnapqtsMatch4.3.3.1386

qnapqtsMatch4.3.3.1432

qnapqtsMatch4.3.6-

qnapqtsMatch4.3.6.0895

qnapqtsMatch4.3.6.0907

qnapqtsMatch4.3.6.0923

qnapqtsMatch4.3.6.0944

qnapqtsMatch4.3.6.0959

qnapqtsMatch4.3.6.0979

qnapqtsMatch4.3.6.0993

qnapqtsMatch4.3.6.1013

qnapqtsMatch4.3.6.1033

qnapqtsMatch4.3.6.1070

qnapqtsMatch4.3.6.1154

qnapqtsMatch4.3.6.1218

qnapqtsMatch4.3.6.1263

qnapqtsMatch4.3.6.1286

qnapqtsMatch4.3.6.1333

qnapqtsMatch4.3.6.1411

qnapqtsMatch4.3.6.1446

Node

qnapmedia_streaming_add-onRange<430.1.8.10

AND

qnapqtsMatch4.3.3

Node

qnapmedia_streaming_add-onRange<430.1.8.8

AND

qnapqtsMatch4.3.6

Node

qnapmultimedia_consoleRange<1.3.4

AND

qnapqtsRange4.4.0≥

VendorProductVersionCPE
qnapqts4.3.3.0514cpe:/o:qnap:qts:4.3.3.0514:::
qnapqts4.3.3.0546cpe:/o:qnap:qts:4.3.3.0546:::
qnapqts4.3.3.1051cpe:/o:qnap:qts:4.3.3.1051:::
qnapqts4.3.3.0095cpe:/o:qnap:qts:4.3.3.0095:::
qnapqts4.3.3.1252cpe:/o:qnap:qts:4.3.3.1252:::
qnapqts4.3.3.0378cpe:/o:qnap:qts:4.3.3.0378:::
qnapqts4.3.3.0351cpe:/o:qnap:qts:4.3.3.0351:::
qnapqts4.3.3.0416cpe:/o:qnap:qts:4.3.3.0416:::
qnapqts4.3.6.0944cpe:/o:qnap:qts:4.3.6.0944:::
qnapqts4.3.6.0993cpe:/o:qnap:qts:4.3.6.0993:::

Vendor	Product	Version	CPE
qnap	qts	4.3.3.0514	cpe:/o:qnap:qts:4.3.3.0514:::
qnap	qts	4.3.3.0546	cpe:/o:qnap:qts:4.3.3.0546:::
qnap	qts	4.3.3.1051	cpe:/o:qnap:qts:4.3.3.1051:::
qnap	qts	4.3.3.0095	cpe:/o:qnap:qts:4.3.3.0095:::
qnap	qts	4.3.3.1252	cpe:/o:qnap:qts:4.3.3.1252:::
qnap	qts	4.3.3.0378	cpe:/o:qnap:qts:4.3.3.0378:::
qnap	qts	4.3.3.0351	cpe:/o:qnap:qts:4.3.3.0351:::
qnap	qts	4.3.3.0416	cpe:/o:qnap:qts:4.3.3.0416:::
qnap	qts	4.3.6.0944	cpe:/o:qnap:qts:4.3.6.0944:::
qnap	qts	4.3.6.0993	cpe:/o:qnap:qts:4.3.6.0993:::

Rows per page:

1-10 of 521

CNA Affected

[
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.3.1624 Build 20210416",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.6.1620 Build 20210322",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Media Streaming add-on",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "430.1.8.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "430.1.8.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Multimedia Console",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "1.3.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-11

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

Related for CVE-2020-36195

attackerkb1 openvas1 nvd1 prion1 cvelist1 thn1