PT-2018-9032 · Qnap · Qnap Qts

Published

2018-06-21

Updated

2019-10-03

CVE-2018-0712

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 4.3.4 build 20180413

Description A command injection issue in the LDAP Server of QNAP QTS could allow remote attackers to execute arbitrary commands or install malware on the NAS.

Recommendations For QNAP QTS versions prior to 4.3.4 build 20180413, update to a version newer than 4.3.4 build 20180413 to resolve the issue.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2018-0712

Affected Products

Qnap Qts

PT-2018-9032 · Qnap · Qnap Qts

CVE-2018-0712

Weakness Enumeration

Related Identifiers

Affected Products

References · 4