Main Vulnerability Database Exploits ID:5712 - Exploit for Externally Controlled Reference to a Resource in Another Sphere in QNAP QTS and Photo Station - CVE-2019-7195

ID:5712 - Exploit for Externally Controlled Reference to a Resource in Another Sphere in QNAP QTS and Photo Station - CVE-2019-7195

Published: June 17, 2021

Vulnerability identifier: #VU28117

Vulnerability risk: High

CVE-ID: CVE-2019-7195

CWE-ID: CWE-610

Exploitation vector: Remote access

Vulnerable software:
QNAP QTS
Photo Station

Link to public exploit:

https://www.exploit-db.com/exploits/48531/

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected software uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. A remote attacker can access or modify system files.

Remediation

Install updates from vendor's website.

ID:5712 - Exploit for Externally Controlled Reference to a Resource in Another Sphere in QNAP QTS and Photo Station - CVE-2019-7195

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human