Several vulnerabilities have been reported to affect multiple versions of QTS and Photo Station.

• CVE-2019-7192: This improper access control vulnerability allows remote attackers to gain unauthorized access to the system.
• CVE-2019-7193: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system.
• CVE-2019-7194: This external control of file name or path vulnerability allows remote attackers to access or modify system files.
• CVE-2019-7195: This external control of file name or path vulnerability allows remote attackers to access or modify system files.

To fix these vulnerabilities, we recommend updating QTS and Photo Station to their latest versions.

Recommendations

Regardless of which version of QTS you currently use, QNAP strongly recommends updating your QTS to the latest available version for your NAS model to ensure that your device can benefit from vulnerability fixes.

References

• https://www.qnap.com/zh-tw/security-advisory/nas-201911-25

CVE-2019-7192, CVE-2019-7193, CVE-2019-7194, CVE-2019-7195