CVE-2021-28800
Last modified
CVE-2021-28800 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. EPSS estimates a 1.43% chance of exploitation in the next 30 days.
Description
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to 4.3.3.1624 Build 20210416. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. QNAP Systems Inc. QuTS hero h4.5.3. QNAP Systems Inc. QuTScloud c4.5.5.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Qts | < 4.3.3.1624 |
| Qnap | Qts | >= 4.3.4, < 4.3.6.1663 |
References
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-28Vendor Advisory
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-28Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-28800?
How severe is CVE-2021-28800?
How do I fix CVE-2021-28800?
Are you affected by CVE-2021-28800?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST