CVE-2018-14746

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
3.5%
top 12.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Qnap QTSQnap QTS
Timeline
PublishedNov 28
Latest updateMay 13

Description

Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDqnap/qts4 versions+3
CVEListV5qnap/qnap_qtsQTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions

🔴Vulnerability Details

2
GHSA
GHSA-mh4r-8qmm-p5vv: Command Injection vulnerability in QTS 42022-05-13
CVEList
CVE-2018-14746: Command Injection vulnerability in QTS 42018-11-28
CVE-2018-14746 (CRITICAL CVSS 9.8) | Command Injection vulnerability in | cvebase.io