Command injection

2024-02-0216:15:00

PRIOn knowledge base

www.prio-n.com

command injection

qnap

operating system

vulnerability

fixed versions

authenticated administrators

network

7.9 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.4%

JSON

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later

CPENameOperatorVersion
qtseq5.1.0.2348 build-20230325
qtseq4.5.4.2280 build-20230112
qtseq4.5.4.2117 build-20220802
qtseq4.5.4.2012 build-20220419
qtseq4.5.4.1931 build-20220128
qtseq4.5.4.1800 build-20210923
qtseq4.5.4.1787 build-20210910
qtseq4.5.4.1741 build-20210726
qtseq4.5.4.1723 build-20210708
qtseq4.5.4.1715 build-20210630

Name	Operator	Version
qts	eq	5.1.0.2348 build-20230325
qts	eq	4.5.4.2280 build-20230112
qts	eq	4.5.4.2117 build-20220802
qts	eq	4.5.4.2012 build-20220419
qts	eq	4.5.4.1931 build-20220128
qts	eq	4.5.4.1800 build-20210923
qts	eq	4.5.4.1787 build-20210910
qts	eq	4.5.4.1741 build-20210726
qts	eq	4.5.4.1723 build-20210708
qts	eq	4.5.4.1715 build-20210630