CVE-2020-36195

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0095:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0096:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0136:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0154:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0174:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0188:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0210:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0229:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0238:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0570:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0546:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0514:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0998:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0868:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1315:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0262:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0299:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0351:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0353:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0361:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0369:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0378:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0396:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0404:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0416:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0418:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0448:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1051:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1098:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1161:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1252:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1033:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1013:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0993:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0979:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0959:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0944:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0923:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0907:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0895:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1386:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1286:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1333:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1411:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1070:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1154:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1218:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1263:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1446:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1432:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:qnap:multimedia_console:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Information

Published : 2021-04-16 21:15

Updated : 2021-04-23 07:12


NVD link : CVE-2020-36195

Mitre link : CVE-2020-36195


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

qnap

  • qts
  • multimedia_console
  • media_streaming_add-on