CVE-2017-13071

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 24.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Video Station

Timeline

PublishedNov 22

Latest updateMay 17

Description

QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5qnap/video_stationVideo Station 5.1.3 (for QTS 4.3.3), 5. 2.0 (for QTS 4.3.4), and earlier

▶NVDqnap/video_station5.1.3, 5.2.0+1

🔴Vulnerability Details

GHSA

GHSA-3666-cq3x-qwx9: QNAP has already patched this vulnerability↗2022-05-17

▶

CVEList

CVE-2017-13071: QNAP has already patched this vulnerability↗2017-11-22

▶