An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
References
| Link | Resource |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-11 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
History
23 Apr 2021, 14:12
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0546:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0944:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1013:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0351:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0210:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0353:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1218:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0238:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0959:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0448:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0369:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0907:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1051:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0570:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0868:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1098:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0979:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1263:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0416:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0299:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0404:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0895:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0154:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0096:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1033:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0188:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1432:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0095:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1286:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1252:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1070:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0418:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1315:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1386:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0174:*:*:*:*:*:*:* cpe:2.3:a:qnap:multimedia_console:*:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1333:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1411:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0396:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0262:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0993:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0136:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1161:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1446:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0378:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0229:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0998:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0361:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0923:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0514:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1154:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.qnap.com/en/security-advisory/qsa-21-11 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| CWE | CWE-89 |
17 Apr 2021, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-04-17 04:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-36195
Mitre link : CVE-2020-36195
CVE.ORG link : CVE-2020-36195
JSON object : View
Products Affected
qnap
- multimedia_console
- media_streaming_add-on
- qts