Lucene search

QnapCVELIST:CVE-2021-38685

HistoryNov 26, 2021 - 2:00 p.m.

CVE-2021-38685 Command Injection Vulnerability in VioStor

2021-11-2614:00:13

CWE-78

qnap

www.cve.org

cve-2021-38685

viostor

command injection

qnap

qvr fw 5.1.6

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later

CNA Affected

[
  {
    "product": "QVR",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "QVR FW 5.1.6 build 20211109",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-51

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Related for CVELIST:CVE-2021-38685