CVE-2018-0718

9.8CRITICAL

Key Information:

Vendor: Qnap
Status: Music Station
Vendor: CVE Published:; 14 September 2018

Summary

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

Affected Version(s)

Music Station 5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4

References

https://www.qnap.com/zh-tw/security-advisory/nas-201809-14

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2018
Vulnerability Reserved
Nov 28, 2017