CVE-2022-27588Command Injection in Systems INC QVR

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 23.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QVRQnap QVR
Timeline
PublishedMay 5
Latest updateMay 6

Description

We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap_systems_inc/qvrunspecified5.1.6 build 20220401
NVDqnap/qvr5.1.6

🔴Vulnerability Details

2
GHSA
GHSA-8cr8-x534-x73j: We have already fixed this vulnerability in the following versions of QVR: QVR 52022-05-06
CVEList
Vulnerability in QVR2022-05-05
CVE-2022-27588 — Command Injection in Systems INC QVR | cvebase