Lucene search

QnapCVELIST:CVE-2021-34349

HistorySep 27, 2021 - 12:00 a.m.

CVE-2021-34349 Command Injection Vulnerability in QVR

2021-09-2700:00:00

CWE-78

qnap

www.cve.org

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later

CNA Affected

[
  {
    "product": "QVR",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.5 build 20210803",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-35

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVELIST:CVE-2021-34349