CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
20.7%
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTScloud c5.1.0.2498 and later
Vendor | Product | Version | CPE |
---|---|---|---|
qnap | qts | 5.0.0.1716 | cpe:2.3:o:qnap:qts:5.0.0.1716:build_20210701:*:*:*:*:*:* |
qnap | qts | 5.0.0.1785 | cpe:2.3:o:qnap:qts:5.0.0.1785:build_20210908:*:*:*:*:*:* |
qnap | qts | 5.0.0.1808 | cpe:2.3:o:qnap:qts:5.0.0.1808:build_20211001:*:*:*:*:*:* |
qnap | qts | 5.0.0.1828 | cpe:2.3:o:qnap:qts:5.0.0.1828:build_20211020:*:*:*:*:*:* |
qnap | qts | 5.0.0.1837 | cpe:2.3:o:qnap:qts:5.0.0.1837:build_20211029:*:*:*:*:*:* |
qnap | qts | 5.0.0.1850 | cpe:2.3:o:qnap:qts:5.0.0.1850:build_20211111:*:*:*:*:*:* |
qnap | qts | 5.0.0.1853 | cpe:2.3:o:qnap:qts:5.0.0.1853:build_20211114:*:*:*:*:*:* |
qnap | qts | 5.0.0.1858 | cpe:2.3:o:qnap:qts:5.0.0.1858:build_20211119:*:*:*:*:*:* |
qnap | qts | 5.0.0.1870 | cpe:2.3:o:qnap:qts:5.0.0.1870:build_20211201:*:*:*:*:*:* |
qnap | qts | 5.0.1.2034 | cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:* |