CVE-2020-36195

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2020-36195
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2021-04-17 04:15:00 UTC
Updated2021-04-23 14:12:00 UTC
DescriptionAn SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later

Risk And Classification

Problem Types: CWE-89

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Qnap Media Streaming Add-on All All All All
Application Qnap Multimedia Console All All All All
Operating System Qnap Qts All All All All
Operating System Qnap Qts 4.3.3 All All All
Operating System Qnap Qts 4.3.6 All All All
Operating System Qnap Qts All All All All
Operating System Qnap Qts 4.3.3 All All All
Operating System Qnap Qts 4.3.3.0095 All All All
Operating System Qnap Qts 4.3.3.0096 All All All
Operating System Qnap Qts 4.3.3.0136 All All All
Operating System Qnap Qts 4.3.3.0154 All All All
Operating System Qnap Qts 4.3.3.0174 All All All
Operating System Qnap Qts 4.3.3.0188 All All All
Operating System Qnap Qts 4.3.3.0210 All All All
Operating System Qnap Qts 4.3.3.0229 All All All
Operating System Qnap Qts 4.3.3.0238 All All All
Operating System Qnap Qts 4.3.3.0262 All All All
Operating System Qnap Qts 4.3.3.0299 All All All
Operating System Qnap Qts 4.3.3.0351 All All All
Operating System Qnap Qts 4.3.3.0353 All All All
Operating System Qnap Qts 4.3.3.0361 All All All
Operating System Qnap Qts 4.3.3.0369 All All All
Operating System Qnap Qts 4.3.3.0378 All All All
Operating System Qnap Qts 4.3.3.0396 All All All
Operating System Qnap Qts 4.3.3.0404 All All All
Operating System Qnap Qts 4.3.3.0416 All All All
Operating System Qnap Qts 4.3.3.0418 All All All
Operating System Qnap Qts 4.3.3.0448 All All All
Operating System Qnap Qts 4.3.3.0514 All All All
Operating System Qnap Qts 4.3.3.0546 All All All
Operating System Qnap Qts 4.3.3.0570 All All All
Operating System Qnap Qts 4.3.3.0868 All All All
Operating System Qnap Qts 4.3.3.0998 All All All
Operating System Qnap Qts 4.3.3.1051 All All All
Operating System Qnap Qts 4.3.3.1098 All All All
Operating System Qnap Qts 4.3.3.1161 All All All
Operating System Qnap Qts 4.3.3.1252 All All All
Operating System Qnap Qts 4.3.3.1315 All All All
Operating System Qnap Qts 4.3.3.1386 All All All
Operating System Qnap Qts 4.3.3.1432 All All All
Operating System Qnap Qts 4.3.6 - All All
Operating System Qnap Qts 4.3.6.0895 All All All
Operating System Qnap Qts 4.3.6.0907 All All All
Operating System Qnap Qts 4.3.6.0923 All All All
Operating System Qnap Qts 4.3.6.0944 All All All
Operating System Qnap Qts 4.3.6.0959 All All All
Operating System Qnap Qts 4.3.6.0979 All All All
Operating System Qnap Qts 4.3.6.0993 All All All
Operating System Qnap Qts 4.3.6.1013 All All All
Operating System Qnap Qts 4.3.6.1033 All All All
Operating System Qnap Qts 4.3.6.1070 All All All
Operating System Qnap Qts 4.3.6.1154 All All All
Operating System Qnap Qts 4.3.6.1218 All All All
Operating System Qnap Qts 4.3.6.1263 All All All
Operating System Qnap Qts 4.3.6.1286 All All All
Operating System Qnap Qts 4.3.6.1333 All All All
Operating System Qnap Qts 4.3.6.1411 All All All
Operating System Qnap Qts 4.3.6.1446 All All All

References

ReferenceSourceLinkTags
SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On - Security Advisory | QNAP MISC www.qnap.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Yaniv Puyeski

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report