Detections
Analytics

CVE-2019-7193

critical

Description

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7193

http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

Details

Source: Mitre, NVD

Published: 2019-12-05

Updated: 2025-10-27

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.34362