Skip to main content

Sanos

7 CVEs product

Monthly

CVE-2021-32535 CRITICAL Act Now

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32534 CRITICAL Act Now

QSAN SANOS factory reset function does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-32533 CRITICAL Act Now

The QSAN SANOS setting page does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-32529 CRITICAL Act Now

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos Xevo
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32522 CRITICAL Act Now

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sanos Storage Manager Xevo
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32521 CRITICAL Act Now

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos Storage Manager Xevo
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-32519 HIGH This Week

Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sanos Storage Manager Xevo
NVD
CVSS 3.1
7.5
EPSS
0.9%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

QSAN SANOS factory reset function does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The QSAN SANOS setting page does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos Xevo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sanos Storage Manager +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos Storage Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sanos Storage Manager +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy