Command Injection Vulnerability in QNAP QVR

Original Issue Date: October 07, 2021

Severity Rating: HIGH

Software Affected

QVR 5.1.5 build 20210902 and later

Overview

A command injection vulnerability has been reported in certain QNAP EOL devices running QVR. It could allow a remote attacker to run arbitrary commands on the targeted system and compromise it.

Description

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands on the target system and may result in complete compromise of the vulnerable system.

Solution

Apply the appropriate patch as mentioned in QNAP's advisory:

https://www.qnap.com/en/security-advisory/qsa-21-38
