Resolved Security Advisory for Photo Station Vulnerability
- Release date: January 14, 2019
- Security ID: NAS-201901-14
- Severity: High
- CVE identifier: CVE-2018-0722
- Affected products: Photo Station versions:
5.7.2 and earlier in QTS 4.3.4
5.4.4 and earlier in QTS 4.3.3
5.2.8 and earlier in QTS 4.2.6 - Status: Resolved
Summary
A path traversal vulnerability has been reported to affect several Photo Station versions. If successfully exploited, the vulnerability could allow remote attackers to access sensitive information on the device.
We have already fixed these issues in the following versions.
QTS 4.3.4: Photo Station 5.7.3 and later.
QTS 4.3.3: Photo Station 5.4.5 and later.
QTS 4.2.6: Photo Station 5.2.9 and later.
Recommendation
To resolve the issue, you must update Photo Station to the latest version.
Upgrading Photo Station
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears. - Type “Photo Station”, and then press ENTER.
The Photo Station application appears in the search results list. - Click Update.
A confirmation message appears. - Click OK.
The application is updated.
Acknowledgements: Yoni Ramon, security researcher
Revision History: V1.0 (January 14, 2019) - Published