CVE-2021-44051 — Command Injection in Systems INC QTS

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.2%

top 21.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap Systems INC Qutscloud +3 more

Timeline

PublishedMay 5

Latest updateMay 6

Description

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDqnap/quts_heroh5.0.0.1772 — h5.0.0.1986+1

▶NVDqnap/qutscloud< c5.0.1.1998

▶CVEListV5qnap_systems_inc/quts_herounspecified — h5.0.0.1986 build 20220324

▶CVEListV5qnap_systems_inc/qutscloudunspecified — c5.0.1.1949

▶NVDqnap/qts5.0.0.1716 — 5.0.0.1986+5

🔴Vulnerability Details

GHSA

GHSA-hp68-q6cw-rc79: A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS↗2022-05-06

▶

CVEList

Command injection↗2022-05-05

▶