QTS, QuTS hero

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

N/A

参数注入或修改

QNAP Systems Hero和QNAP Systems QTS 参数注入漏洞

QNAP Systems Hero和QNAP Systems QTS都是中国威联通科技（QNAP Systems）公司的产品。QNAP Systems Hero是一款用于管理文件的NAS操作系统。该系统保留了QTS的应用生态，整合更强大的128位ZFS文件系统，为企业提供更稳定可靠的NAS存储解决方案。QNAP Systems QTS是一个具有数据存储与管理功能的软件。 QNAP Systems Hero和QNAP Systems QTS存在参数注入漏洞，该漏洞源于命令参数分隔符中和不当，可能导致执行逻辑

N/A

N/A