CVE-2019-7198: Command Injection in Systems INC QTS

Severity: 9.8 CRITICAL (NVD)
EPSS: 3.1% (top 13.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 10; Latest update May 24

Description

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.

QuTS hero h4.5.1.1472 build 20201031 and later
QTS 4.5.1.1456 build 20201015 and later
QTS 4.4.3.1354 build 20200702 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

NVD: qnap/quts_hero < h4.5.1.1472
CVEListV5: qnap_systems_inc/quts_hero < h4.5.1.1472
NVD: qnap/qts < 4.4.3.1354 (+1)
CVEListV5: qnap_systems_inc/qts < 4.5.1.1456 (+1)

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-rxjr-qfmr-c739: This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application
CVEList (2020-12-10): Command Injection Vulnerability in QTS and QuTS hero