PT-2022-3429 · QNAP · QTS, QuTS hero, QuTScloud
Enio Pena Navarro +1 · Published 2022-05-05 · Updated 2023-11-14
CVE-2021-44051
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
QuTScloud versions prior to c5.0.1.1949
QuTS hero versions prior to h5.0.0.1986 build 20220324
QTS versions prior to 5.0.0.1986 build 20220324
Description
A command injection issue affects QNAP NAS running QuTScloud, QuTS hero, and QTS, allowing remote attackers to execute arbitrary commands. This issue is related to the operating system's failure to neutralize special elements used in OS commands, which can be exploited by remote attackers to impact the confidentiality, integrity, and availability of information.
Recommendations
For QuTScloud versions prior to c5.0.1.1949, update to QuTScloud c5.0.1.1949 or later.
For QuTS hero versions prior to h5.0.0.1986 build 20220324, update to QuTS hero h5.0.0.1986 build 20220324 or later.
For QTS versions prior to 5.0.0.1986 build 20220324, update to QTS 5.0.0.1986 build 20220324 or later.
Fix
Command Injection
Affected Products
QTS
QuTS hero
QuTScloud