PT-2021-20467 · Qnap · Qvr

Published

2021-10-01

Updated

2021-10-04

CVE-2021-34352

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: QVR versions prior to 5.1.5 build 20210902

Description: A command injection issue has been reported, potentially allowing remote attackers to execute arbitrary commands on QNAP devices running QVR.

Recommendations: For versions prior to 5.1.5 build 20210902, update to QVR 5.1.5 build 20210902 or later to resolve the issue.

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2021-34352

Affected Products

Qvr

PT-2021-20467 · Qnap · Qvr

CVE-2021-34352

Weakness Enumeration

Related Identifiers

Affected Products

References · 4