Command injection

2024-02-0216:15:00

PRIOn knowledge base

www.prio-n.com

command injection

operating system

vulnerability

qnap

authentication

network

fixed version

nvd

7.9 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.4%

JSON

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later

CPENameOperatorVersion
qtseq5.1.0.2348 build-20230325
qtseq5.1.0.2418 build-20230603
qtseq5.1.0.2399 build-20230515
qtseq5.1.0.2466 build-20230721
qtseq5.1.1.2491 build-20230815
qtseq5.1.0.2444 build-20230629
qtseq5.1.2.2533 build-20230926
qtseq5.1.3.2578
quts_heroeqh5.1.0.2409 build-20230525
quts_heroeqh5.1.1.2488 build-20230812

Name	Operator	Version
qts	eq	5.1.0.2348 build-20230325
qts	eq	5.1.0.2418 build-20230603
qts	eq	5.1.0.2399 build-20230515
qts	eq	5.1.0.2466 build-20230721
qts	eq	5.1.1.2491 build-20230815
qts	eq	5.1.0.2444 build-20230629
qts	eq	5.1.2.2533 build-20230926
qts	eq	5.1.3.2578
quts_hero	eq	h5.1.0.2409 build-20230525
quts_hero	eq	h5.1.1.2488 build-20230812