PT-2020-15857 · Qnap Systems · Qts

Leommxj

Published

2020-11-16

Updated

2020-11-30

CVE-2020-2492

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

Description The issue is a command injection vulnerability that could allow remote attackers to execute arbitrary commands if exploited.

Recommendations For QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907, update to version 4.4.3.1421 or later to resolve the issue.

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2020-2492

Affected Products

Qts

PT-2020-15857 · Qnap Systems · Qts

CVE-2020-2492

Weakness Enumeration

Related Identifiers

Affected Products

References · 5