CVE-2021-34348

CWE-78 — OS Command Injection CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 24.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. QVR Qnap QVR

Timeline

PublishedSep 27

Latest updateMay 24

Description

A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDqnap/qvr< 5.1.5

▶CVEListV5qnap_systems_inc./qvrunspecified — 5.1.5 build 20210803

🔴Vulnerability Details

GHSA

GHSA-j4j5-p5q3-mfr7: A command injection vulnerability has been reported to affect QNAP device running QVR↗2022-05-24

▶

CVEList

Command Injection Vulnerability in QVR↗2021-09-27

▶