RSS   Vulnerabilities for 'Media streaming add-on'   RSS

2018-03-08
 
CVE-2017-7641

CWE-352
 

 
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.

 
 
CVE-2017-7640

CWE-78
 

 
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.

 
 
CVE-2017-7638

CWE-287
 

 
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.

 
 
CVE-2017-7634

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page.

 

 >>> Vendor: QNAP 41 Products
NAS
Helpdesk
Ts-239 pro turbo nas
Ts-639 pro turbo nas
Surveillance station pro
Viostor network video recorder
QTS
Photo station
Photo station firmware
Ss-839
Ts-459u
Ts-469u
Ts-ec1679u-rp
Ss-839 firmware
Ts-459u firmware
Ts-469u firmware
Ts-ec1679u-rp firmware
Video station
Sinage station
Signage station
Iartist lite
Ts-212p firmware
Qts helpdesk
Music station
Qsync
Media streaming add-on
Qfinder pro
Q'center
Q'center virtual appliance
Myqnapcloud
Netbak replicator
Quts hero
Multimedia console
QES
Qutscloud
Roon server
Qulog center
Q\'center
QVR
Qcalagent
Qvr firmware


Copyright 2024, cxsecurity.com

 

Back to Top