Every CVE whose affected-product data names Qnap Music Station, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2017-13069 — CVSS 9.8 (critical): QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x)…
CVE-2018-0729 — CVSS 9.8 (critical): This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the…
CVE-2018-19950 — CVSS 9.8 (critical): If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP…
CVE-2018-0718 — CVSS 9.8 (critical): Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run…
CVE-2023-23365 — CVSS 7.7 (high): A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users…
CVE-2023-23366 — CVSS 7.7 (high): A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users…
CVE-2018-19952 — CVSS 7.5 (high): If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP…
CVE-2023-39299 — CVSS 7.5 (high): A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the…
CVE-2020-36197 — CVSS 7.1 (high): An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability…
CVE-2020-2494 — CVSS 6.1 (medium): This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this…
CVE-2018-19951 — CVSS 6.1 (medium): If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP…
CVE-2019-7185 — CVSS 4.8 (medium): This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the…
CVE-2023-45038 — CVSS 4.3 (medium): An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to…