Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerability in VioStor
Vulnerability Description
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Qnap Qvr 操作系统命令注入漏洞
Vulnerability Description
Qnap Qvr是中国威联通科技(Qnap)公司的一个Qnap监控系统控制中心。 QNAP 设备 VioStor 存在操作系统命令注入漏洞,该漏洞允许远程攻击者运行任意命令。我们已经在以下 QVR 版本中修复了此漏洞:QVR FW 5.1.6 build 20211109 及更高版本。
CVSS Information
N/A
Vulnerability Type
N/A