Overview
- Description: A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions:
  - QTS 4.5.2.1566 Build 20210202 and later
  - QTS 4.5.1.1495 Build 20201123 and later
  - QTS 4.3.6.1620 Build 20210322 and later
  - QTS 4.3.4.1632 Build 20210324 and later
  - QTS 4.3.3.1624 Build 20210416 and later
  - QTS 4.2.6 Build 20210327 and later
  - QuTS hero h4.5.1.1491 build 20201119 and later
- Source: security@qnapsecurity.com.tw
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Known exploits
Data from CISA
- Vulnerability name: QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
- Exploit added on: Apr 11, 2022
- Exploit action due: May 2, 2022
- Required action: Apply updates per vendor instructions.
Configurations