PT-2020-6681 · QNAP · QTS
Published: 2020-10-28 · Updated: 2025-11-03 · CVE-2018-19949
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
QTS versions prior to 4.4.2.1231
QTS versions prior to 4.4.1.1201
QTS versions prior to 4.3.6.1218
QTS versions prior to 4.3.4.1190
QTS versions prior to 4.3.3.1161
QTS versions prior to 4.2.6
Description
This is a command injection vulnerability that, if exploited, could allow remote attackers to run arbitrary commands. It stems from a failure to neutralize special elements used in an operating system command.
Recommendations
For versions prior to 4.4.2.1231, update to QTS 4.4.2.1231 or later.
For versions prior to 4.4.1.1201, update to QTS 4.4.1.1201 or later.
For versions prior to 4.3.6.1218, update to QTS 4.3.6.1218 or later.
For versions prior to 4.3.4.1190, update to QTS 4.3.4.1190 or later.
For versions prior to 4.3.3.1161, update to QTS 4.3.3.1161 or later.
For versions prior to 4.2.6, update to QTS 4.2.6 or later.
Fix
Command Injection
RCE
OS Command Injection
Related Identifiers
Affected Products
QTS