CVSS4
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
Low
EPSS
Percentile
10.2%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
[
{
"cpes": [
"cpe:2.3:o:qnap:quts_hero:h5.1.0:*:*:*:*:*:*:*"
],
"vendor": "qnap",
"product": "quts_hero",
"versions": [
{
"status": "affected",
"version": "h5.1.0",
"lessThan": "h5.1.8.2823",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:qnap:qts:5.1.0:*:*:*:*:*:*:*"
],
"vendor": "qnap",
"product": "qts",
"versions": [
{
"status": "affected",
"version": "5.1.0",
"lessThan": "5.1.8.2823",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
CVSS4
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
Low
EPSS
Percentile
10.2%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total