CVE-2017-7876
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
- https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
- https://www.qnap.com/zh-tw/security-advisory/nas-201707-12
References
- https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
- https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
- https://www.qnap.com/zh-tw/security-advisory/nas-201707-12
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.