Описание
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.1.5 (исключая)
cpe:2.3:a:qnap:qvr:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04181
Низкий
7.2 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
CWE-77
Связанные уязвимости
github
больше 3 лет назад
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later
EPSS
Процентиль: 88%
0.04181
Низкий
7.2 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
CWE-77