CVE-2018-0730

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

Published: Dec 4, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-0730
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
qnap / qts	4.2.6	4.2.6.x
qnap / qts	4.4.1.1033-beta_4	4.4.1.1033-beta_4.x
qnap / qts	4.4.1.1031-beta_4	4.4.1.1031-beta_4.x
qnap / qts	4.4.1.0999-beta_3	4.4.1.0999-beta_3.x
qnap / qts	4.4.1.0998-beta_3	4.4.1.0998-beta_3.x
qnap / qts	4.4.1.0978-beta_2	4.4.1.0978-beta_2.x
qnap / qts	4.4.1.0949-beta	4.4.1.0949-beta.x
qnap / qts	4.4.1.0948-beta	4.4.1.0948-beta.x
qnap / qts	4.3.6.1033	4.3.6.1033.x
qnap / qts	4.3.6.1013	4.3.6.1013.x
qnap / qts	4.3.6.0993	4.3.6.0993.x
qnap / qts	4.3.6.0979	4.3.6.0979.x
qnap / qts	4.3.6.0959	4.3.6.0959.x
qnap / qts	4.3.6.0944	4.3.6.0944.x
qnap / qts	4.3.6.0923	4.3.6.0923.x
qnap / qts	4.3.6.0907	4.3.6.0907.x
qnap / qts	4.3.6.0895	4.3.6.0895.x
qnap / qts	4.3.3.0998	4.3.3.0998.x
qnap / qts	4.3.3.0868	4.3.3.0868.x
qnap / qts	4.3.4.1029	4.3.4.1029.x
qnap / qts	4.3.4.0899	4.3.4.0899.x
qnap / qts	4.4.1.1101	4.4.1.1101.x
qnap / qts	4.4.1.1086	4.4.1.1086.x
qnap / qts	4.4.1.1081	4.4.1.1081.x
qnap / qts	4.4.1.1064	4.4.1.1064.x

https://www.qnap.com/zh-tw/security-advisory/nas-201911-20

Vulnerability Database

289,689

CVE-2018-0730