This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQnap Qts
OSQnap4.2.64.3.3.08684.3.3.09984.3.4.08994.3.4.10294.3.6.08954.3.6.09074.3.6.09234.3.6.09444.3.6.09594.3.6.09794.3.6.09934.3.6.10134.3.6.10334.4.1.0948+ 10 więcej
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Powiązane podatności
CVE-2022-27593CRITICAL10.0⚠ KEVten sam produkt
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...
CVE-2021-28799CRITICAL10.0⚠ KEVten sam produkt
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...
CVE-2020-2509CRITICAL9.8⚠ KEVten sam produkt
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerabil...
CVE-2018-19949CRITICAL9.8⚠ KEVten sam produkt
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNA...
CVE-2019-7194CRITICAL9.8⚠ KEVten sam produkt
This external control of file name or path vulnerability allows remote attackers to access or modify system fi...