Command Injection Vulnerability in Music Station by QNAP
CVE-2018-0718

9.8CRITICAL

Key Information:

Vendor: Qnap
Status: Music Station
Vendor: CVE Published:; 14 September 2018

Summary

A command injection vulnerability exists in Music Station versions 5.1.2 and earlier, impacting QNAP's QTS versions 4.3.3 and 4.3.4. This vulnerability allows remote attackers to execute arbitrary commands within the compromised application, potentially compromising system security and data integrity.

Affected Version(s)

Music Station 5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4

References

https://www.qnap.com/zh-tw/security-advisory/nas-201809-14

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2018
Vulnerability Reserved
Nov 28, 2017