CVE-2020-36197

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4.

CVSS v3 8.8 HIGH
CVSS v2.0 5.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html	Patch Third Party Advisory VDB Entry
https://www.qnap.com/zh-tw/security-advisory/qsa-21-08	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-591/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.5.2:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3:-:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h4.5.2:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:qutscloud:c4.5.4:*:*:*:*:*:*:*

History

21 Jun 2021, 16:56

Type	Values Removed	Values Added
CPE	cpe:2.3:a:qnap:quts_hero:h4.5.2:::::::*	cpe:2.3:o:qnap:quts_hero:h4.5.2:::::::*

03 Jun 2021, 14:27

Type	Values Removed	Values Added
CWE	~~CWE-22~~	CWE-284
References	~~(MISC) http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html -~~	(MISC) http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html - Patch, Third Party Advisory, VDB Entry

28 May 2021, 16:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html -

26 May 2021, 14:32

Type	Values Removed	Values Added
CWE	~~CWE-284~~	CWE-22
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.8 v3 : 8.8
CPE		cpe:2.3:a:qnap:quts_hero:h4.5.2:::::::* cpe:2.3:o:qnap:qts:4.3.6:-:::::: cpe:2.3:o:qnap:qutscloud:c4.5.4:::::::* cpe:2.3:o:qnap:qts:4.3.3:-:::::: cpe:2.3:o:qnap:qts:4.5.2:-:::::: cpe:2.3:a:qnap:music_station::::::::
References	~~(MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-591/ -~~	(MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-591/ - Third Party Advisory, VDB Entry
References	~~(MISC) https://www.qnap.com/zh-tw/security-advisory/qsa-21-08 -~~	(MISC) https://www.qnap.com/zh-tw/security-advisory/qsa-21-08 - Vendor Advisory

14 May 2021, 10:15

Type	Values Removed	Values Added
References		(MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-591/ -
CWE		CWE-284

13 May 2021, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-05-13 03:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-36197

Mitre link : CVE-2020-36197

CVE.ORG link : CVE-2020-36197

JSON object : View

Products Affected

qnap

quts_hero
qutscloud
music_station
qts

CWE

CWE-284

Improper Access Control

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2020-36197", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2021-05-13T03:15:06.760", "references": [{"url": "http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "security@qnapsecurity.com.tw"}, {"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-08", "tags": ["Vendor Advisory"], "source": "security@qnapsecurity.com.tw"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-591/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@qnapsecurity.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4."}, {"lang": "es", "value": "Se ha reportado una vulnerabilidad de control de acceso inapropiado que afecta a versiones anteriores de Music Station. Si es explotada, esta vulnerabilidad permite a atacantes comprometer la seguridad del software alcanzando privilegios, leyendo informaci\u00f3n confidencial, ejecutando comandos, evadiendo la detecci\u00f3n, etc. Este problema afecta a: QNAP Systems Inc. Music Station versiones anteriores 5.3.16 en QTS versi\u00f3n 4.5.2; versiones anteriores a 5.2.10 en QTS versi\u00f3n 4.3.6; versiones anteriores a 5.1.14 en QTS versi\u00f3n 4.3.3; versiones anteriores a 5.3.16 en QuTS hero versi\u00f3n h4.5.2; versiones anteriores a 5.3.16 en QuTScloud versi\u00f3n c4.5.4"}], "lastModified": "2021-06-21T16:56:32.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8553BDF4-E7DB-4FA4-A8BD-D346CF712A0B", "versionEndExcluding": "5.3.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:4.5.2:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D430FFFE-EEC5-4CA5-A70F-002F33019CDA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D51C24-F1F7-4FD0-AE0F-DF8890DCFB95", "versionEndExcluding": "5.2.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0E214BD-DC96-4B53-9BE7-8DD8F79B4542"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD93232-6BF6-4EB1-842F-7C0D5B60F4B7", "versionEndExcluding": "5.1.14"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:4.3.3:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B16E7153-5F0F-489A-AA34-4A74CB04225B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8553BDF4-E7DB-4FA4-A8BD-D346CF712A0B", "versionEndExcluding": "5.3.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23F7A1DB-7D99-44FA-BCFA-8EBFF810B0AD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8553BDF4-E7DB-4FA4-A8BD-D346CF712A0B", "versionEndExcluding": "5.3.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qutscloud:c4.5.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5CCD0BB-D81A-4C66-9280-5165FAFA2358"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@qnapsecurity.com.tw"}