Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistQnapCVELIST:CVE-2020-2509
HistoryApr 16, 2021 - 12:00 a.m.

CVE-2020-2509 Command Injection Vulnerability in QTS and QuTS hero

2021-04-1600:00:00
CWE-77
CWE-78
qnap
www.cve.org
6
cve-2020-2509
command injection
qts
quts hero
vulnerability
fixed versions
exploited

EPSS

0.002

Percentile

62.2%

JSON

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later

CNA Affected

[
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.2.1566 Build 20210202",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.1.1495 Build 20201123",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.6.1620 Build 20210322",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.4.1632 Build 20210324",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.3.1624 Build 20210416",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.6 Build 20210327",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.1.1491 build 20201119",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

attackerkb 1
openvas 3
cisa_kev 1
nessus 1
prion 1
nvd 1
cve 1
threatpost 1
rapid7blog 1
ics 1
attackerkb
attackerkb
CVE-2020-2509
2021-04-16 00:00:00
openvas
openvas
QNAP QTS Command Injection Vulnerability (QSA-21-05)
2021-04-19 00:00:00
QNAP QTS 4.5.x Command Injection Vulnerability (CVE-2020-2509)
2021-04-07 00:00:00
QNAP QTS < 4.3.6.1620 Build 20210322 Multiple Vulnerabilities
2021-04-07 00:00:00
cisa_kev
cisa_kev
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
2022-04-11 00:00:00
nessus
nessus
QNAP QTS / QuTS hero Command Injection (QSA-21-05)
2022-04-19 00:00:00
prion
prion
Command injection
2021-04-17 04:15:00
nvd
nvd
CVE-2020-2509
2021-04-17 04:15:11
cve
cve
CVE-2020-2509
2021-04-17 04:15:11
threatpost
threatpost
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
2021-04-01 19:53:04
rapid7blog
rapid7blog
QNAP Poisoned XML Command Injection (Silently Patched)
2022-08-04 14:43:45
ics
ics
2021 Top Routinely Exploited Vulnerabilities
2022-04-28 12:00:00

EPSS

0.002

Percentile

62.2%

JSON
Related for CVELIST:CVE-2020-2509
attackerkb1openvas3cisa_kev1nessus1prion1nvd1cve1threatpost1rapid7blog1ics1