Skip to main content

Qts CVE-2020-2490

HIGH
Command Injection (CWE-77)
2020-11-16 security@qnapsecurity.com.tw
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 16, 2020 - 01:15 nvd
HIGH 7.2

DescriptionNVD

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

AnalysisAI

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. Affected products include: Qnap Qts. Version information: prior to 4.4.3.1421.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

More in Qts

View all
CVE-2017-6361 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. Rated criti

CVE-2017-6360 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information

CVE-2017-13067 CRITICAL POC
9.8 Sep 14

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.

CVE-2017-6359 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands vi

CVE-2017-5227 HIGH POC
7.5 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by

CVE-2017-7876 CRITICAL POC
10.0 Jun 15

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. R

CVE-2019-7193 CRITICAL POC
9.8 Dec 05

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. Rated criti

CVE-2023-39296 HIGH POC
7.5 Jan 05

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever

CVE-2017-17028 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 2

CVE-2017-17033 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

CVE-2017-17032 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

CVE-2017-17031 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

Share

CVE-2020-2490 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy