CVE-2020-36197

🗓️ 13 May 2021 02:55:12Reported by qnapType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 97 Views

Improper access control vulnerability in Music Statio

Reporter	Title	Published	Views	Family All 9
0day.today	QNAP MusicStation / MalwareRemover File Upload / Command Injection Vulnerabilities	28 May 202100:00	–	zdt
CNNVD	Qnap Systems QNAP Music Station 访问控制错误漏洞	13 May 202100:00	–	cnnvd
Cvelist	CVE-2020-36197 Improper Access Control Vulnerability in Music Station	13 May 202102:55	–	cvelist
EUVD	EUVD-2020-23761	7 Oct 202500:30	–	euvd
NVD	CVE-2020-36197	13 May 202103:15	–	nvd
OpenVAS	QNAP QTS Music Station Improper Access Control Vulnerability (QSA-21-08)	18 May 202100:00	–	openvas
Prion	Improper access control	13 May 202103:15	–	prion
seebug.org	QNAP Music Station/Malware Remover未授权远程代码执行漏洞（CVE-2020-36197 CVE-2020-36198）	1 Jun 202100:00	–	seebug
Zero Day Initiative	QNAP NAS MusicStation Directory Traversal Arbitrary File Creation Vulnerability	14 May 202100:00	–	zdi

NVD

Node

qnap music_stationRange<5.3.16

AND

qnap qtsMatch4.5.2-

Node

qnap music_stationRange<5.2.10

AND

qnap qtsMatch4.3.6-

Node

qnap music_stationRange<5.1.14

AND

qnap qtsMatch4.3.3-

Node

qnap music_stationRange<5.3.16

AND

qnap quts_heroMatchh4.5.2

Node

qnap music_stationRange<5.3.16

AND

qnap qutscloudMatchc4.5.4

[
  {
    "platforms": [
      "QTS 4.5.2"
    ],
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.3.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.6"
    ],
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.2.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.3"
    ],
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.14",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QuTS hero h4.5.2"
    ],
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.3.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QuTScloud c4.5.4"
    ],
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.3.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/zh-tw/security-advisory/qsa-21-08
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-591/
packetstormsecurity	www.packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html