CVE-2018-0714

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
5.7%
top 9.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap HelpdeskQnap Helpdesk IN QTS
Timeline
PublishedAug 13
Latest updateMay 13

Description

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDqnap/helpdesk1.1.21
CVEListV5qnap/helpdesk_in_qtsHelpdesk versions 1.1.21 and earlier in QTS 4.2.6: build 20180531, QTS 4.3.3: build 20180528, QTS 4.3.4: build 20180528 and earlier versions

🔴Vulnerability Details

2
GHSA
GHSA-r8j4-9jg8-cj5q: Command injection vulnerability in Helpdesk versions 12022-05-13
CVEList
CVE-2018-0714: Command injection vulnerability in Helpdesk versions 12018-08-13
CVE-2018-0714 (CRITICAL CVSS 9.8) | Command injection vulnerability in | cvebase.io