Home

Description

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later

PUBLISHED Reserved 2023-07-27 | Published 2023-11-03 | Updated 2024-09-05 | Assigner qnap




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-22

Product status

Default status
unaffected

4.8.x (custom) before 4.8.11
affected

5.1.x (custom) before 5.1.16
affected

5.3.x (custom) before 5.3.23
affected

Credits

fredoun finder

References

www.qnap.com/en/security-advisory/qsa-23-61

www.qnap.com/en/security-advisory/qsa-23-61

cve.org (CVE-2023-39299)

nvd.nist.gov (CVE-2023-39299)

Download JSON