Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
Vulnerability Description
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
QNAP Systems QTS 和 QuTS hero 命令注入漏洞
Vulnerability Description
QNAP Systems QTS是中国威联通科技(QNAP Systems)公司的一个入门到中阶QNAP NAS 使用的操作系统。 QNAP Systems QTS 和 QuTS hero 存在命令注入漏洞,该漏洞源于允许经过身份验证的远程用户通过易受攻击的QNAP设备执行任意命令,攻击者利用该漏洞可以获取密钥等,以下产品和版本受到影响:QTS 5.0.1.2346及之前版本、QuTS hero h5.0.1.234及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A