If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
History

Wed, 22 Oct 2025 00:30:00 +0000


Tue, 21 Oct 2025 20:30:00 +0000


Tue, 21 Oct 2025 19:30:00 +0000


Thu, 06 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-05-24'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2020-10-28T17:55:18.000Z

Updated: 2025-10-21T23:35:34.057Z

Reserved: 2018-12-07T00:00:00.000Z

Link: CVE-2018-19949

cve-icon Vulnrichment

Updated: 2024-08-05T11:51:17.944Z

cve-icon NVD

Status : Modified

Published: 2020-10-28T18:15:12.647

Modified: 2025-10-22T00:16:21.877

Link: CVE-2018-19949

cve-icon Redhat

No data.