PT-2018-8416 · Qnap · Qnap Nas

Tony Martin

·

Published

2018-06-05

·

Updated

2018-07-12

·

CVE-2017-7637

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions QNAP NAS application Proxy Server versions prior to 1.2.1
Description The issue allows remote attackers to run arbitrary OS commands against the system with root privileges.
Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2017-7637

Affected Products

Qnap Nas