2 matches found
CVE-2021-38685 Command Injection Vulnerability in VioStor
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later...
CVE-2021-38685
CVE-2021-38685 is a remote command-injection vulnerability affecting QNAP VioStor/NVR software (QVR). The issue allows an unauthenticated remote attacker to execute arbitrary commands, with high impact on confidentiality, integrity, and availability (CVSS v3.1 base score 9.8). Affected fix: firmw...