Qunetswitch
Monthly
Remote command execution in QuNetSwitch versions prior to 2.0.4.0415 allows unauthenticated attackers to execute arbitrary system commands over the network with no user interaction required. The vulnerability stems from improper input validation in command processing functions, enabling complete system compromise. No patch is currently available for affected versions.
QuNetSwitch contains hard-coded credentials that allow remote attackers to bypass authentication and gain unauthorized access to affected systems. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, where credentials are embedded in the application code rather than properly managed through secure credential storage mechanisms. Remote attackers can exploit this weakness without requiring valid user credentials, leading to complete compromise of the network switch management interface.
Command injection in QuNetSwitch allows authenticated remote attackers to execute arbitrary commands on affected systems with high impact to confidentiality and integrity. The vulnerability requires valid user credentials to exploit but poses significant risk to systems running versions prior to 2.0.5.0906. No patch is currently available for this CVSS 6.3 medium-severity issue.
Arbitrary command execution in QuNetSwitch can be achieved by local attackers with administrator privileges due to insufficient input validation in command processing. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, allowing authenticated high-privilege users to bypass security controls and execute system commands. No patch is currently available for affected versions.
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Remote command execution in QuNetSwitch versions prior to 2.0.4.0415 allows unauthenticated attackers to execute arbitrary system commands over the network with no user interaction required. The vulnerability stems from improper input validation in command processing functions, enabling complete system compromise. No patch is currently available for affected versions.
QuNetSwitch contains hard-coded credentials that allow remote attackers to bypass authentication and gain unauthorized access to affected systems. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, where credentials are embedded in the application code rather than properly managed through secure credential storage mechanisms. Remote attackers can exploit this weakness without requiring valid user credentials, leading to complete compromise of the network switch management interface.
Command injection in QuNetSwitch allows authenticated remote attackers to execute arbitrary commands on affected systems with high impact to confidentiality and integrity. The vulnerability requires valid user credentials to exploit but poses significant risk to systems running versions prior to 2.0.5.0906. No patch is currently available for this CVSS 6.3 medium-severity issue.
Arbitrary command execution in QuNetSwitch can be achieved by local attackers with administrator privileges due to insufficient input validation in command processing. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, allowing authenticated high-privilege users to bypass security controls and execute system commands. No patch is currently available for affected versions.
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.