Overview
- Description
- If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
- Source
- security@qnapsecurity.com.tw
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Known exploits
Data from CISA
- Vulnerability name
- QNAP NAS File Station Command Injection Vulnerability
- Exploit added on
- May 24, 2022
- Exploit action due
- Jun 14, 2022
- Required action
- Apply updates per vendor instructions.
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3777F6CC-9189-4BC0-B336-62BA1EFB91A7",
"versionEndExcluding": "4.2.6"
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCF2E9D3-12C2-4A5A-BC1D-F2C007303805",
"versionEndExcluding": "4.3.3.1161",
"versionStartIncluding": "4.3.1.0013"
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26B1C1D9-D91E-4C02-87A2-1EDE2AB4B0BF",
"versionEndExcluding": "4.3.4.1190",
"versionStartIncluding": "4.3.4"
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A213877-D365-46DB-BDA1-4DAA020AF84A",
"versionEndExcluding": "4.3.6.1218",
"versionStartIncluding": "4.3.6"
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F902AFED-E51B-42F2-85BD-DB0B19B8C7DB",
"versionEndExcluding": "4.4.1.1201",
"versionStartIncluding": "4.4.0"
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BF6E081-B28B-4A26-BA59-EB7A66099360",
"versionEndExcluding": "4.4.2.1231",
"versionStartIncluding": "4.4.2"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D3B1E3A-C9E9-4BB8-8BFC-AE1258722F85"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F523E9F-D101-4C29-A624-74E1F3F8CB7D"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1388DBE0-F6BB-44AB-81AC-BFB4E70BE820"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF3C4461-C1B6-43A1-BA5E-D6658EFD06EE"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1F11848-6FED-4D58-A177-36D280C0347C"
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6259C86-FFDA-40E8-AF0C-33CC8C108DC9"
}
],
"operator": "OR"
}
]
}
]