Vulnerability Description
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Qts | < 4.3.3 |
| Qnap | Media Streaming Add-On | < 430.1.8.10 |
| Qnap | Multimedia Console | < 1.3.4 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-21-11Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-21-11Vendor Advisory
FAQ
What is CVE-2020-36195?
CVE-2020-36195 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain applicat...
How severe is CVE-2020-36195?
CVE-2020-36195 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36195?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qts, Qnap Media Streaming Add-On, Qnap Multimedia Console.