CVE-2018-19950

Summary

If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.Music Stationunspecified < 5.1.13affected
QNAP Systems Inc.Music Stationunspecified < 5.2.9affected
QNAP Systems Inc.Music Stationunspecified < 5.3.11affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References