PT-2021-4408 · Qnap · Qnap Qvr

Published

2021-09-27

·

Updated

2021-10-05

·

CVE-2021-34348

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions QNAP QVR versions prior to 5.1.5 build 20210803
Description A command injection issue affects QNAP devices running QVR, allowing remote attackers to execute arbitrary commands if exploited.
Recommendations For QNAP QVR versions prior to 5.1.5 build 20210803, update to QVR 5.1.5 build 20210803 or later to resolve the issue.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2021-05038
CVE-2021-34348

Affected Products

Qnap Qvr