Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL.
AnalysisAI
Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. Affected products include: Qnap Signage Station. Version information: before 2.0.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Signage Station
View allThe FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded
QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated user
Share
External POC / Exploit Code
Leaving vuln.today