PT-2021-17934 · Qnap Systems · Quts Hero+3
Thomas Fady
·
Published
2021-06-03
·
Updated
2022-10-18
·
CVE-2021-28812
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2
QNAP Systems Inc. Video Station versions prior to 5.5.4 on QuTS hero h4.5.2
QNAP Systems Inc. Video Station versions prior to 5.5.4 on QuTScloud c4.5.4
Description:
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands.
Recommendations:
For versions prior to 5.5.4 on QTS 4.5.2, update to version 5.5.4 or later.
For versions prior to 5.5.4 on QuTS hero h4.5.2, update to version 5.5.4 or later.
For versions prior to 5.5.4 on QuTScloud c4.5.4, update to version 5.5.4 or later.
Fix
Command Injection
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qts
Quts Hero
Qutscloud
Video Station