CVE-2019-7201

An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qnapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
qnapnetbak_replicator
𝑥
≤ 4.5.11.816
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/zh-tw/security-advisory/nas-201912-02
https://www.qnap.com/zh-tw/security-advisory/nas-201912-02