Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerability in QTS and QuTS hero
Vulnerability Description
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
威联通 QNAP Systems QUTS Hero 命令注入漏洞
Vulnerability Description
QNAP Systems QUTS Hero是中国威联通(QNAP Systems)公司的一款用于管理文件的NAS操作系统。该系统保留了QTS的应用生态,整合更强大的128位ZFS文件系统,为企业提供更稳定可靠的NAS存储解决方案。 QANP 多款产品存在命令注入漏洞,攻击者可利用该漏洞在证书配置中注入恶意代码。以下产品及版本受到影响:QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later
CVSS Information
N/A
Vulnerability Type
N/A