CISA Known Exploited Vulnerability

CVE-2019-7192 Ransomware

QNAP · Photo Station

QNAP Photo Station Improper Access Control Vulnerability

Date added 2022-06-08

BOD 22-01 due date 2022-06-22

CWE CWE-863

Ransomware Known

CISA description

QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2019-7192

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2019-7192
CVE.org · CVE-2019-7192
CISA KEV catalog (canonical)