vulnerability

QNAP QTS: CVE-2019-7198: Command Injection Vulnerability in QTS and QuTS hero

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Dec 7, 2020	Aug 4, 2025	Oct 16, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 7, 2020

Added

Aug 4, 2025

Modified

Oct 16, 2025

Description

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later

Solution

qnap-qts-upgrade-latest

References

CWE-77
CWE-78
CVE-2019-7198
https://attackerkb.com/topics/CVE-2019-7198
URL-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7198
URL-https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-7198
URL-https://www.qnap.com/en-uk/security-advisory/QSA-20-16

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today