VYPR

Music Station

by Qnap

CVEs (12)

  • CVE-2018-0718CriSep 14, 2018
    risk 0.64cvss 9.8epss 0.02

    Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

  • CVE-2017-13069CriOct 6, 2017
    risk 0.64cvss 9.8epss 0.02

    QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.

  • CVE-2023-39299Nov 3, 2023
    risk 0.00cvss epss 0.01

    A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music…

  • CVE-2023-23366Oct 6, 2023
    risk 0.00cvss epss 0.01

    A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-23365Oct 6, 2023
    risk 0.00cvss epss 0.01

    A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following…

  • CVE-2020-36197May 13, 2021
    risk 0.00cvss epss 0.18

    An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading…

  • CVE-2020-2494Dec 10, 2020
    risk 0.00cvss epss 0.01

    This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and…

  • CVE-2018-19952Nov 2, 2020
    risk 0.00cvss epss 0.01

    If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

  • CVE-2018-19951Nov 2, 2020
    risk 0.00cvss epss 0.01

    If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

  • CVE-2018-19950Nov 2, 2020
    risk 0.00cvss epss 0.02

    If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

  • CVE-2019-7185Dec 5, 2019
    risk 0.00cvss epss 0.01

    This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.

  • CVE-2018-0729Dec 4, 2019
    risk 0.00cvss epss 0.02

    This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.