Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-44051
HistoryMay 05, 2022 - 5:15 p.m.

CVE-2021-44051

2022-05-0517:15:10
CWE-77
[email protected]
web.nvd.nist.gov
4
vulnerability
qnap nas
command injection
remote attackers
arbitrary commands
qutscloud
quts hero
qts
fixed

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.7%

JSON

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later

Affected configurations

Nvd
Node
qnapqtsRange5.0.0.17165.0.0.1986
OR
qnapqtsRange4.3.3.01744.3.3.1945
OR
qnapqtsRange4.3.4.08994.3.4.1976
OR
qnapqtsRange4.3.6.08954.3.6.1965
OR
qnapqtsRange4.4.0.08834.5.4.1991
OR
qnapqtsMatch4.2.6build_20170517
OR
qnapqtsMatch4.2.6build_20190322
OR
qnapqtsMatch4.2.6build_20190730
OR
qnapqtsMatch4.2.6build_20190921
OR
qnapqtsMatch4.2.6build_20191107
OR
qnapqtsMatch4.2.6build_20200109
OR
qnapqtsMatch4.2.6build_20200421
OR
qnapqtsMatch4.2.6build_20200611
OR
qnapqtsMatch4.2.6build_20200821
OR
qnapqtsMatch4.2.6build_20210327
OR
qnapqtsMatch4.2.6build_20211215
OR
qnapquts_heroRange<h4.5.4.1771
OR
qnapquts_heroRangeh5.0.0.1772h5.0.0.1986
OR
qnapqutscloudRange<c5.0.1.1998
VendorProductVersionCPE
qnapqts*cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:*
qnapqts*cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*
qnapqts4.2.6cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*
Rows per page:
1-10 of 151

Related

cvelist 1
prion 1
cve 1
openvas 3
thn 1
cvelist
cvelist
CVE-2021-44051 Command injection
2022-05-05 16:50:20
prion
prion
Command injection
2022-05-05 17:15:00
cve
cve
CVE-2021-44051
2022-05-05 17:15:10
openvas
openvas
QNAP QuTS hero Multiple Vulnerabilities (QSA-22-16)
2022-05-30 00:00:00
QNAP QuTScloud Multiple Vulnerabilities (QSA-22-16)
2022-05-30 00:00:00
QNAP QTS Multiple Vulnerabilities (QSA-22-16)
2022-05-06 00:00:00
thn
thn
QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices
2022-05-07 03:20:00

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.7%

JSON
Related for NVD:CVE-2021-44051
cvelist1prion1cve1openvas3thn1