CVE-2018-19945 in QTSinfo

Summary

by MITRE • 01/01/2021

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

01/01/2021

Moderation

accepted

Entry

VDB-167172

CPE

ready

CWE

CWE-73 (confirmed)

CVSS

5.5 (VulDB)

EPSS

0.00399

KEV

Activities

very low

Sector

Transportation, Chemical, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-19945
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-19945
CVE Details	https://www.cvedetails.com/cve/CVE-2018-19945/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!