Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-2509
HistoryApr 17, 2021 - 4:15 a.m.

CVE-2020-2509

2021-04-1704:15:11
CWE-78
CWE-77
[email protected]
web.nvd.nist.gov
5
command injection
qts
quts hero
arbitrary commands
fixed versions

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.2%

JSON

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later

Affected configurations

Nvd
Node
qnapqtsRange<4.2.6
OR
qnapqtsRange4.3.54.3.6
OR
qnapqtsRange4.4.04.5.1
OR
qnapqtsMatch4.2.6-
OR
qnapqtsMatch4.2.6build_20170517
OR
qnapqtsMatch4.2.6build_20190322
OR
qnapqtsMatch4.2.6build_20190730
OR
qnapqtsMatch4.2.6build_20190921
OR
qnapqtsMatch4.2.6build_20191107
OR
qnapqtsMatch4.2.6build_20200109
OR
qnapqtsMatch4.2.6build_20200421
OR
qnapqtsMatch4.2.6build_20200611
OR
qnapqtsMatch4.2.6build_20200821
OR
qnapqtsMatch4.3.3.0174
OR
qnapqtsMatch4.3.3.0868
OR
qnapqtsMatch4.3.3.0998
OR
qnapqtsMatch4.3.3.1051
OR
qnapqtsMatch4.3.3.1098
OR
qnapqtsMatch4.3.3.1161
OR
qnapqtsMatch4.3.3.1252
OR
qnapqtsMatch4.3.3.1315
OR
qnapqtsMatch4.3.3.1386
OR
qnapqtsMatch4.3.3.1432
OR
qnapqtsMatch4.3.4.0358
OR
qnapqtsMatch4.3.4.0358beta1
OR
qnapqtsMatch4.3.4.0370
OR
qnapqtsMatch4.3.4.0370beta1
OR
qnapqtsMatch4.3.4.0372
OR
qnapqtsMatch4.3.4.0372beta1
OR
qnapqtsMatch4.3.4.0374
OR
qnapqtsMatch4.3.4.0374beta1
OR
qnapqtsMatch4.3.4.0387
OR
qnapqtsMatch4.3.4.0387beta2
OR
qnapqtsMatch4.3.4.0411
OR
qnapqtsMatch4.3.4.0416
OR
qnapqtsMatch4.3.4.0427
OR
qnapqtsMatch4.3.4.0434
OR
qnapqtsMatch4.3.4.0435
OR
qnapqtsMatch4.3.4.0451
OR
qnapqtsMatch4.3.4.0483
OR
qnapqtsMatch4.3.4.0486
OR
qnapqtsMatch4.3.4.0506
OR
qnapqtsMatch4.3.4.0516
OR
qnapqtsMatch4.3.4.0526
OR
qnapqtsMatch4.3.4.0551
OR
qnapqtsMatch4.3.4.0557
OR
qnapqtsMatch4.3.4.0561
OR
qnapqtsMatch4.3.4.0569
OR
qnapqtsMatch4.3.4.0593
OR
qnapqtsMatch4.3.4.0597
OR
qnapqtsMatch4.3.4.0604
OR
qnapqtsMatch4.3.4.0899
OR
qnapqtsMatch4.3.4.1029
OR
qnapqtsMatch4.3.4.1082
OR
qnapqtsMatch4.3.4.1190
OR
qnapqtsMatch4.3.4.1282
OR
qnapqtsMatch4.3.4.1368
OR
qnapqtsMatch4.3.4.1417
OR
qnapqtsMatch4.3.4.1463
OR
qnapqtsMatch4.3.6-
OR
qnapqtsMatch4.3.6.0895
OR
qnapqtsMatch4.3.6.0907
OR
qnapqtsMatch4.3.6.0923
OR
qnapqtsMatch4.3.6.0944
OR
qnapqtsMatch4.3.6.0959
OR
qnapqtsMatch4.3.6.0979
OR
qnapqtsMatch4.3.6.0993
OR
qnapqtsMatch4.3.6.1013
OR
qnapqtsMatch4.3.6.1033
OR
qnapqtsMatch4.3.6.1070
OR
qnapqtsMatch4.3.6.1154
OR
qnapqtsMatch4.3.6.1218
OR
qnapqtsMatch4.3.6.1263
OR
qnapqtsMatch4.3.6.1286
OR
qnapqtsMatch4.3.6.1333
OR
qnapqtsMatch4.3.6.1411
OR
qnapqtsMatch4.3.6.1446
OR
qnapqtsMatch4.5.1-
OR
qnapqtsMatch4.5.1.1456
OR
qnapqtsMatch4.5.1.1461
OR
qnapqtsMatch4.5.1.1465
OR
qnapqtsMatch4.5.1.1480
OR
qnapqtsMatch4.5.2-
OR
qnapquts_heroRange<h4.5.1
OR
qnapquts_heroMatchh4.5.1-
OR
qnapquts_heroMatchh4.5.1.1472

Related

attackerkb 1
openvas 3
nessus 1
cisa_kev 1
prion 1
cvelist 1
cve 1
threatpost 1
rapid7blog 1
ics 1
attackerkb
attackerkb
CVE-2020-2509
2021-04-16 00:00:00
openvas
openvas
QNAP QTS Command Injection Vulnerability (QSA-21-05)
2021-04-19 00:00:00
QNAP QTS 4.5.x Command Injection Vulnerability (CVE-2020-2509)
2021-04-07 00:00:00
QNAP QTS < 4.3.6.1620 Build 20210322 Multiple Vulnerabilities
2021-04-07 00:00:00
nessus
nessus
QNAP QTS / QuTS hero Command Injection (QSA-21-05)
2022-04-19 00:00:00
cisa_kev
cisa_kev
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
2022-04-11 00:00:00
prion
prion
Command injection
2021-04-17 04:15:00
cvelist
cvelist
CVE-2020-2509 Command Injection Vulnerability in QTS and QuTS hero
2021-04-16 00:00:00
cve
cve
CVE-2020-2509
2021-04-17 04:15:11
threatpost
threatpost
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
2021-04-01 19:53:04
rapid7blog
rapid7blog
QNAP Poisoned XML Command Injection (Silently Patched)
2022-08-04 14:43:45
ics
ics
2021 Top Routinely Exploited Vulnerabilities
2022-04-28 12:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.2%

JSON
Related for NVD:CVE-2020-2509
attackerkb1openvas3nessus1cisa_kev1prion1cvelist1cve1threatpost1rapid7blog1ics1