PT-2021-17928 · Qnap Systems · Quts Hero+1

Jan Hoff

Published

2021-07-01

Updated

2021-07-07

CVE-2021-28804

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107 QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217

Description: A command injection issue has been reported, allowing attackers to execute arbitrary commands in a compromised application.

Recommendations: For QTS versions prior to 4.5.1.1540 build 20210107, update to version 4.5.1.1540 build 20210107 or later. For QuTS hero versions prior to h4.5.1.1582 build 20210217, update to version h4.5.1.1582 build 20210217 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-28804

Affected Products

Qts

Quts Hero

PT-2021-17928 · Qnap Systems · Quts Hero+1

CVE-2021-28804

Weakness Enumeration

Related Identifiers

Affected Products

References · 3