Remote Command Execution Vulnerability in QNAP NAS Media Streaming Application
CVE-2017-7640

9.8CRITICAL

Key Information:

Vendor: Qnap
Status: Qnap Media Streaming Add-on
Vendor: CVE Published:; 8 March 2018

Summary

The Media Streaming add-on for QNAP NAS devices contains a vulnerability that allows remote attackers to execute arbitrary operating system commands with root privileges. This security flaw could enable a malicious actor to gain full control of the affected system, potentially leading to unauthorized access and data compromise. Users are strongly advised to update to the latest version to mitigate this risk. For further details, refer to the official security advisory.

Affected Version(s)

QNAP Media Streaming Add-On 421.1.0.2, 430.1.2.0, and earlier

References

https://www.qnap.com/zh-tw/security-advisory/nas-201803-08

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2018
Vulnerability Reserved
Apr 10, 2017