Threat Intelligence / CVE / CVE-2019-7192

CVE-2019-7192

CISA KEVRansomware

CVSS 9.8 (CRITICAL) · EPSS 94.3% · Published 2019-12-05

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-863

Threats tracking this CVE

AI-Augmented FortiGate Mass Exploitation — Russian-Speaking Actor Breaches 600+ Firewalls Across 55 Countries Using LLM-Generated Tooling and Custom MCP Framework — CRITICAL

References

http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7192

Full detection coverage & IOCs for threats exploiting CVE-2019-7192 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence