CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
46.4%
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
Vendor | Product | Version | CPE |
---|---|---|---|
qnap | qts | 4.3.3.0514 | cpe:/o:qnap:qts:4.3.3.0514::: |
qnap | qts | 4.3.3.0546 | cpe:/o:qnap:qts:4.3.3.0546::: |
qnap | qts | 4.3.3.1051 | cpe:/o:qnap:qts:4.3.3.1051::: |
qnap | qts | 4.3.3.0095 | cpe:/o:qnap:qts:4.3.3.0095::: |
qnap | qts | 4.3.3.1252 | cpe:/o:qnap:qts:4.3.3.1252::: |
qnap | qts | 4.3.3.0378 | cpe:/o:qnap:qts:4.3.3.0378::: |
qnap | qts | 4.3.3.0351 | cpe:/o:qnap:qts:4.3.3.0351::: |
qnap | qts | 4.3.3.0416 | cpe:/o:qnap:qts:4.3.3.0416::: |
qnap | qts | 4.3.6.0944 | cpe:/o:qnap:qts:4.3.6.0944::: |
qnap | qts | 4.3.6.0993 | cpe:/o:qnap:qts:4.3.6.0993::: |
[
{
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.3.3.1624 Build 20210416",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.6.1620 Build 20210322",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Media Streaming add-on",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "430.1.8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "430.1.8.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Multimedia Console",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
46.4%