Command injection

2023-11-1015:15:00

PRIOn knowledge base

www.prio-n.com

os command injection

qnap

vulnerability

qts

quts hero

qutscloud

nvd

fix

8.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

JSON

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTScloud c5.1.0.2498 and later

CPENameOperatorVersion
qtseq5.0.1.2346 build-20230322
qtseq5.0.1.2277 build-20230112
qtseq5.0.1.2248 build-20221215
qtseq5.0.1.2234 build-20221201
qtseq5.0.1.2194 build-20221022
qtseq5.0.1.2173 build-20221001
qtseq5.0.1.2145 build-20220903
qtseq5.0.1.2137 build-20220826
qtseq5.0.1.2131 build-20220820
qtseq5.0.1.2079 build-20220629

Name	Operator	Version
qts	eq	5.0.1.2346 build-20230322
qts	eq	5.0.1.2277 build-20230112
qts	eq	5.0.1.2248 build-20221215
qts	eq	5.0.1.2234 build-20221201
qts	eq	5.0.1.2194 build-20221022
qts	eq	5.0.1.2173 build-20221001
qts	eq	5.0.1.2145 build-20220903
qts	eq	5.0.1.2137 build-20220826
qts	eq	5.0.1.2131 build-20220820
qts	eq	5.0.1.2079 build-20220629