CVE-2017-7876

CRITICAL

10.0

CVSS 3.1

Description

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.

Metadata

CVE ID: CVE-2017-7876
State: PUBLISHED
Assigner: mitre
Reserved: 2017-04-14 00:00 UTC
Published: 2017-06-15 20:00 UTC
Last updated: 2024-08-05 16:19 UTC
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (3)

https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
https://www.qnap.com/zh-tw/security-advisory/nas-201707-12

Back to overview