CVE-2021-34352

Summary

A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.QVRunspecified < 5.1.5 build 20210902affected

Weaknesses

  • CWE-78: CWE-78

ADP Enrichment

CVE Program Container

Additional References

References