PT-2017-12910 · Qnap · Qnap Video Station+1
李衍龙
+1
·
Published
2017-11-22
·
Updated
2017-12-12
·
CVE-2017-13071
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP Video Station versions prior to 5.1.3 (for QTS 4.3.3) and 5.2.0 (for QTS 4.3.4)
Description
This issue allows a remote attacker to run arbitrary commands.
Recommendations
For QNAP Video Station version 5.1.3 (for QTS 4.3.3) and later, no action is required as the issue has been patched.
For QNAP Video Station versions prior to 5.1.3 (for QTS 4.3.3) and 5.2.0 (for QTS 4.3.4), update to the latest version to resolve the issue.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Video Station
Qts