Описание
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:qnap:qurouter:2.4.0.190:build_20240522:*:*:*:*:*:*
cpe:2.3:o:qnap:qurouter:2.4.1.172:build_20240606:*:*:*:*:*:*
cpe:2.3:o:qnap:qurouter:2.4.1.634:build_20240710:*:*:*:*:*:*
cpe:2.3:o:qnap:qurouter:2.4.2.317:build_20240903:*:*:*:*:*:*
cpe:2.3:o:qnap:qurouter:2.4.2.538:build_20240923:*:*:*:*:*:*
cpe:2.3:o:qnap:qurouter:2.4.3.103:build_20241011:*:*:*:*:*:*
cpe:2.3:o:qnap:qurouter:2.4.4.106:build_20241017:*:*:*:*:*:*
cpe:2.3:o:qnap:qurouter:2.4.5.032:build_20241029:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00202
Низкий
7.2 High
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 7.2
github
11 месяцев назад
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later
EPSS
Процентиль: 42%
0.00202
Низкий
7.2 High
CVSS3
Дефекты
CWE-77