CVE-2018-0712Command Injection in Qnap QTS

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.0%
top 13.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap QTSQnap Ldap Server IN QTS
Timeline
PublishedJun 21
Latest updateMay 13

Description

Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap/ldap_server_in_qtsLDAP Server in QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions
NVDqnap/qts4.3.4+2

🔴Vulnerability Details

2
GHSA
GHSA-66p6-q85w-xp92: Command injection vulnerability in LDAP Server in QNAP QTS 42022-05-13
CVEList
CVE-2018-0712: Command injection vulnerability in LDAP Server in QNAP QTS 42018-06-21
CVE-2018-0712 — Command Injection in Qnap QTS | cvebase