NVD disclosure day
CVE-2019-7195
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
QNAP Photo Station allows remote attackers to access or modify system files. This external control of file name or path vulnerability creates a risk of unauthorized data access or alteration, potentially disrupting business operations and compromising system security.
CVE-2019-7194
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in QNAP Photo Station permits remote attackers to access or modify system files, impacting data confidentiality and integrity. This presents a business risk due to potential unauthorized data access or system compromise. Organizations should update Photo Station to the latest version.
CVE-2019-7193
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
QNAP QTS systems are vulnerable to code injection, allowing remote attackers to execute arbitrary commands. This poses a risk of unauthorized access and data compromise to affected organizations.
CVE-2019-7192
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
This vulnerability allows unauthorized remote access to QNAP systems via Photo Station. The business risk includes potential data compromise and system access. Affected organizations should update Photo Station.