PT-2021-17924 · Qnap Systems · Qts

Published

2021-06-24

Updated

2021-06-30

CVE-2021-28800

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504 QNAP Systems Inc. QTS versions prior to 4.3.3.1624 Build 20210416

Description: A command injection issue has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this issue allows attackers to execute arbitrary commands in a compromised application.

Recommendations: For QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504, update to version 4.3.6.1663 Build 20210504 or later. For QNAP Systems Inc. QTS versions prior to 4.3.3.1624 Build 20210416, update to version 4.3.3.1624 Build 20210416 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-28800

Affected Products

Qts

PT-2021-17924 · Qnap Systems · Qts

CVE-2021-28800

Weakness Enumeration

Related Identifiers

Affected Products

References · 4