CVE-2017-13069

QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
qnapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
qnapmusic_station
𝑥
≤ 4.8.6
qnapmusic_station
𝑥
≤ 5.0.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/nas-201710-05
https://www.qnap.com/en/security-advisory/nas-201710-05