CVE-2021-34352OS Command Injection in Systems INC QVR

CWE-78OS Command InjectionCWE-77Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
CNA7.2
EPSS
4.2%
top 11.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QVRQnap QVR
Timeline
PublishedOct 1
Latest updateMay 24

Description

A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDqnap/qvr< 5.1.5
CVEListV5qnap_systems_inc/qvrunspecified5.1.5 build 20210902

Patches

Patch: www.qnap.comPatch: www.qnap.com

🔴Vulnerability Details

2
GHSA
GHSA-w526-38c2-jc6q: A command injection vulnerability has been reported to affect QNAP device running QVR2022-05-24
CVEList
Command Injection Vulnerability in QVR2021-10-01
CVE-2021-34352 — OS Command Injection | cvebase