Search

Security ID : NAS-201809-14

Security Advisory for Command Injection Vulnerability in Music Station

  • Release date : September 14, 2018

  • CVE identifier : CVE-2018-0718

  • Affected products: Music Station 5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4

Severity

Critical

Status

Resolved

Summary

A command injection vulnerability was recently found in Music Station. If exploited, this vulnerability could allow remote attackers to run arbitrary commands in the compromised application.

We have already fixed this issue in Music Station version 5.1.3 and later.

Recommendation

To resolve the issue, you must update your Music Station to the latest version.

Updating Music Station

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the Search icon.
    A search box appears.
  3. Type “Music Station”, and then press ENTER.
    The Music Station application appears in the search results list.
  4. Click Update.
    A confirmation message appears.
  5. Click OK.
    The application is updated.

 

Acknowledgements: Yoni Ramon, security researcher

Revision History: V1.0 (September 14, 2018) - Published

Elija especificación

      Mostrar más Mostrar menos

      Este portal en otros países / regiones:

      open menu
      back to top