CVE-2017-7876

Name of the Vulnerable Software and Affected Versions QTS versions prior to 4.2.6 build 20170517 QTS versions prior to 4.3.3.0174 build 20170503

Description The issue is related to a lack of input sanitization in the QTS operating system, allowing for command injection. This can enable a remote attacker to execute arbitrary commands. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For QTS versions prior to 4.2.6 build 20170517, update to QTS 4.2.6 build 20170517 or later. For QTS versions prior to 4.3.3.0174 build 20170503, update to QTS 4.3.3.0174 build 20170503 or later.