Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerabilities in QTS and QuTS hero
Vulnerability Description
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
多款 Qnap 产品操作系统命令注入漏洞
Vulnerability Description
Qnap Systems QNAP QTS是中国Qnap Systems公司的一款类似SAN存储架构的数据存储设备。该设备支持分层存储、镜像保护等保障功能。QNAP Systems QUTS Hero是中国QNAP Systems公司的一款用于管理文件的NAS操作系统。该系统保留了QTS的应用生态,整合更强大的128位ZFS文件系统,为企业提供更稳定可靠的NAS存储解决方案。 多款 Qnap 产品中存在操作系统命令注入漏洞,该漏洞源于系统未对用户输入数据做有效的安全检查,攻击者可通过该漏洞执行系统命令。以
CVSS Information
N/A
Vulnerability Type
N/A