CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
54.7%
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later
Vendor | Product | Version | CPE |
---|---|---|---|
qnap | qts | * | cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:* |
qnap | qts | * | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:* |
qnap | qts | 4.2.6 | cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
54.7%