CVE-2021-28802

Summary

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.QTSunspecified < 4.5.1.1540 build 20210107affected
QNAP Systems Inc.QuTS herounspecified < h4.5.1.1582 build 20210217affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References