Vulnerabilities > CVE-2019-7192 - Incorrect Authorization vulnerability in Qnap Photo Station

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

qnap

CWE-863

metasploit

NVD

Published: 2019-12-05

Updated: 2022-04-22

Summary

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

Vulnerable Configurations

Part	Description	Count
Application	Qnap Qnap Photo Station 5.2.0 Qnap Photo Station 5.2.1 Qnap Photo Station 5.2.2 Qnap Photo Station 5.2.3 Qnap Photo Station 5.2.4 Qnap Photo Station 5.2.5 Qnap Photo Station 5.2.6 Qnap Photo Station 5.2.7 Qnap Photo Station 5.2.8 Qnap Photo Station 5.2.9 Qnap Photo Station 5.3.4 Qnap Photo Station 5.3.5 Qnap Photo Station 5.3.6 Qnap Photo Station 5.4.0 Qnap Photo Station 5.4.1 Qnap Photo Station 5.4.2 Qnap Photo Station 5.4.3 Qnap Photo Station 5.4.4 Qnap Photo Station 5.4.5 Qnap Photo Station 5.6.0 Qnap Photo Station 5.6.1 Qnap Photo Station 5.6.2 Qnap Photo Station 5.6.3 Qnap Photo Station 5.7.0 Qnap Photo Station 5.7.1 Qnap Photo Station 5.7.2 Qnap Photo Station 5.7.3 Qnap Photo Station 5.7.4 Qnap Photo Station 5.7.5 Qnap Photo Station 5.7.6 Qnap Photo Station 5.7.11 Qnap Photo Station 5.7.12 Qnap Photo Station 6.0.0	33
OS	Qnap Qnap QTS 4.4.1 Qnap QTS * Qnap QTS 4.2.6	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Metasploit

description	This module exploits a local file inclusion in QNAP QTS and Photo Station that allows an unauthenticated attacker to download files from the QNAP filesystem. Because the HTTP server runs as root, it is possible to access sensitive files, such as SSH private keys and password hashes. This module has been tested on QTS 4.3.3 (unknown Photo Station version) and QTS 4.3.6 with Photo Station 5.7.9.
id	MSF:AUXILIARY/GATHER/QNAP_LFI
last seen	2020-06-11
modified	2020-06-10
published	2020-05-28
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7192 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7195 https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05 https://www.qnap.com/en-us/security-advisory/nas-201911-25 https://github.com/Imanfeng/QNAP-NAS-RCE
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/qnap_lfi.rb
title	QNAP QTS and Photo Station Local File Inclusion

Packetstorm

data source	https://packetstormsecurity.com/files/download/157857/qnapqtsphotostation603-exec.txt
id	PACKETSTORM:157857
last seen	2020-05-30
published	2020-05-28
reporter	Yunus YILDIRIM
source	https://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
title	QNAP QTS And Photo Station 6.0.3 Remote Command Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Metasploit

Packetstorm

References