CVE-2020-25847 Command Injection Vulnerability in QTS and QuTS hero

🗓️ 29 Dec 2020 07:10:13Reported by twcertType

Command Injection Vulnerability in QTS and QuTS hero allows arbitrary command executio

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the QTS and QuTS operating systems lies in the lack of measures taken to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary code.	20 Jan 202100:00	–	bdu_fstec
Circl	CVE-2020-25847	29 Dec 202012:29	–	circl
CNNVD	Qnap Systems QNAP QTS and QNAP Systems QUTS Hero Command Injection Vulnerabilities	29 Dec 202000:00	–	cnnvd
CVE	CVE-2020-25847	29 Dec 202007:10	–	cve
EUVD	EUVD-2020-18480	7 Oct 202500:30	–	euvd
NCSC	Vulnerability fixed in QNAP QTS	29 Dec 202000:00	–	ncsc
NVD	CVE-2020-25847	29 Dec 202007:15	–	nvd
OpenVAS	QNAP QTS Command Injection Vulnerability (QSA-20-20)	18 Jan 202100:00	–	openvas
OSV	CVE-2020-25847	29 Dec 202007:15	–	osv
Prion	Command injection	29 Dec 202007:15	–	prion

[
  {
    "platforms": [
      "build 20201123"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.1.1495",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200930"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThanOrEqual": "4.4.3.1444",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "status": "unaffected",
        "version": "4.3.x"
      },
      {
        "status": "unaffected",
        "version": "4.2.x"
      }
    ]
  },
  {
    "platforms": [
      "build 20201119"
    ],
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.1.1491",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-20-20

29 Dec 2020 07:10Current

9.1High risk

Vulners AI Score9.1

CVSS 3.18.8

EPSS0.0255