CVE-2019-7192 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in QNAP NAS devices running Photo Station affects v. QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Domain, Ipv4
Toolbox
-
QNAP is a provider of Network Attached Storage (NAS) devices that are designed to meet the data storage needs of businesses. One of the most popular QNAP NAS features is Photo Station, an application that allows users to easily organize and share photos from their devices. With Photo Station, photos can be accessed from anywhere and shared with friends, family, or collaborators.
However, QNAP recently announced that Photo Station had a serious security vulnerability, known as CVE-2019-7192. This vulnerability allowed attackers to gain unauthorized access to sensitive information stored on the device, including private photos, user data, and passwords. The vulnerability affected all versions of Photo Station prior to the latest version, making it a critical issue that required immediate attention.
If this vulnerability is exploited, the consequences can be dire. Attackers can gain access to user data and photos, which can be used for identity theft or other malicious purposes. Private information, such as passwords or personal correspondence, could also be revealed and result in significant harm. This vulnerability could lead to a major setback for businesses that rely on Photo Station to store and share important data.
In conclusion, if you are a QNAP NAS user who relies on Photo Station, it is essential to take these precautions to protect your data. Fortunately, by using a reputable security platform such as s4e.io, you can stay informed of any vulnerabilities or issues with your digital assets and take action before it’s too late. Don't leave your data exposed, take action today.
REFERENCES