HIGH✓ PATCH🇬🇧 English

CVE-2021-28812

CVSS 8.8v3.1pub. 2021-06-03upd. 2024-11-21

A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Qnap Qts

    OS
    Qnap
    4.5.2
  • Qnap Qutscloud

    OS
    Qnap
    c4.5.4
  • Qnap Quts Hero

    OS
    Qnap
    h4.5.2
  • Qnap Video Station

    APP
    Qnap
    < 5.5.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2022-27593CRITICAL10.0⚠ KEVten sam produkt

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam produkt

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...

CVE-2020-2509CRITICAL9.8⚠ KEVten sam produkt

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerabil...

CVE-2018-19949CRITICAL9.8⚠ KEVten sam produkt

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNA...

CVE-2019-7194CRITICAL9.8⚠ KEVten sam produkt

This external control of file name or path vulnerability allows remote attackers to access or modify system fi...