Remote Command Execution Vulnerability in QNAP NAS Media Streaming Application
CVE-2017-7640

9.8CRITICAL

Key Information:

Vendor
Qnap
Vendor
CVE Published:
8 March 2018

Summary

The Media Streaming add-on for QNAP NAS devices contains a vulnerability that allows remote attackers to execute arbitrary operating system commands with root privileges. This security flaw could enable a malicious actor to gain full control of the affected system, potentially leading to unauthorized access and data compromise. Users are strongly advised to update to the latest version to mitigate this risk. For further details, refer to the official security advisory.

Affected Version(s)

QNAP Media Streaming Add-On 421.1.0.2, 430.1.2.0, and earlier

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.