QNAP Photo Station < 5.4.1 / 5.2.7 Unspecified Vulnerability

Advisories

severity: critical
date: November 12, 2025
Affecting: Photo Station < 5.4.1
Photo Station < 5.2.7 (if your NAS does not support QTS 4.3.x)
CVE: CVE-2017-20210
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: QNAP Vendor Advisory & EITW Acknowledgement
Researcher Malware Analysis
Credit: Amigo
Description: Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
VulnCheck KEV: This advisory is in the VulnCheck KEV database