Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerability in QTS
Vulnerability Description
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to 4.3.3.1624 Build 20210416. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. QNAP Systems Inc. QuTS hero h4.5.3. QNAP Systems Inc. QuTScloud c4.5.5.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Qnap Systems QNAP QTS 操作系统命令注入漏洞
Vulnerability Description
Qnap Systems QNAP QTS是中国威联通(Qnap Systems)公司的一款类似SAN存储架构的数据存储设备。该设备支持分层存储、镜像保护等保障功能。 QNAP QTS 存在操作系统命令注入漏洞,该漏洞源于输入验证不当。以下产品及版本受到影响:QNAP QTS: before 4.5.3.1652 20210428 。
CVSS Information
N/A
Vulnerability Type
N/A