Music Station
CVE-2023-39299

7.5HIGH

Key Information:

Vendor: QNAP
Status: Music Station
Vendor: CVE Published:; 3 November 2023

Summary

A path traversal vulnerability has been identified in QNAP's Music Station, enabling unauthorized users to access sensitive files on the system. If exploited, this flaw could permit individuals to read unexpected files, potentially revealing confidential information over the network. QNAP has addressed this issue in Music Station versions 4.8.11, 5.1.16, and 5.3.23 or later.

Affected Version(s)

Music Station 4.8.x < 4.8.11

Music Station 5.1.x < 5.1.16

Music Station 5.3.x < 5.3.23

References

https://www.qnap.com/en/security-advisory/qsa-23-61

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Jul 27, 2023

Credit

fredoun