PT-2017-2324 · Qnap · Qts

Published

2017-06-15

Updated

2020-09-11

CVE-2017-7876

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QTS versions prior to 4.2.6 build 20170517 QTS versions prior to 4.3.3.0174 build 20170503

Description The issue is related to a lack of input sanitization in the QTS operating system, allowing for command injection. This can enable a remote attacker to execute arbitrary commands. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For QTS versions prior to 4.2.6 build 20170517, update to QTS 4.2.6 build 20170517 or later. For QTS versions prior to 4.3.3.0174 build 20170503, update to QTS 4.3.3.0174 build 20170503 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2017-01522

CVE-2017-7876

Affected Products

Qts

PT-2017-2324 · Qnap · Qts

CVE-2017-7876

Weakness Enumeration

Related Identifiers

Affected Products

References · 7