Remote Command Execution Vulnerability in QNAP NAS Media Streaming Application
CVE-2017-7640
9.8CRITICAL
Summary
The Media Streaming add-on for QNAP NAS devices contains a vulnerability that allows remote attackers to execute arbitrary operating system commands with root privileges. This security flaw could enable a malicious actor to gain full control of the affected system, potentially leading to unauthorized access and data compromise. Users are strongly advised to update to the latest version to mitigate this risk. For further details, refer to the official security advisory.
Affected Version(s)
QNAP Media Streaming Add-On 421.1.0.2, 430.1.2.0, and earlier
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved