CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-44051 – Command injection
https://notcve.org/view.php?id=CVE-2021-44051
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later Se ha informado de una vulnerabilidad de inyección de comandos que afecta a los NAS de QNAP que ejecutan QuTScloud, QuTS hero y QTS. Si es explotada, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QuTScloud, QuTS hero y QTS: QuTScloud c5.0.1.1949 y posteriores QuTS hero h5.0.0.1986 build 20220324 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38674 – Reflected XSS Vulnerability in TFTP
https://notcve.org/view.php?id=CVE-2021-38674
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta a QTS, QuTS hero y QuTScloud. Si es explotado, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QTS, QuTS hero y QuTScloud: QuTS hero h4.5.4.1771 build 20210825 y posteriores QTS 4.5.4.1787 build 20210910 y posteriores QuTScloud c4.5.7.1864 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-34362 – Command Injection Vulnerability in Media Streaming Add-on
https://notcve.org/view.php?id=CVE-2021-34362
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later Se ha informado de una vulnerabilidad de inyección de comandos que afecta al dispositivo QNAP que ejecuta el complemento Media Streaming. Si es explotado, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones del complemento Media Streaming: QTS 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.5.4: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.3.6: Media Streaming add-on 430.1.8.12 (20/08/2021) y posteriores QTS 4.3.3: Media Streaming add-on 430.1.8.12 (29/09/2021) y posteriores QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-44 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34343 – Buffer Overflow Vulnerability in QTS, QuTS hero, and QuTScloud
https://notcve.org/view.php?id=CVE-2021-34343
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later Se ha reportado de una vulnerabilidad de desbordamiento del búfer de la pila que afecta al dispositivo QNAP que ejecuta QTS, QuTScloud, QuTS hero. Si es explotado, esta vulnerabilidad permite a atacantes ejecutar código arbitrario. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 y posteriores QTS 5.0.0.1716 build 20210701 y posteriores QuTScloud c4.5.6.1755 y posteriores QuTS hero h4.5.4.1771 build 20210825 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-33 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28816 – Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud
https://notcve.org/view.php?id=CVE-2021-28816
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QTS 4.3.3.1693 build 20210624 and later QTS 4.3.6.1750 build 20210730 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later Se ha reportado de una vulnerabilidad de desbordamiento del búfer de la pila que afecta al dispositivo QNAP que ejecuta QTS, QuTScloud, QuTS hero. Si es explotado, esta vulnerabilidad permite a atacantes ejecutar código arbitrario. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 y posteriores QTS 5.0.0.1716 build 20210701 y posteriores QTS 4.3.3.1693 build 20210624 y posteriores QTS 4.3.6.1750 build 20210730 y posteriores QuTScloud c4.5.6.1755 y posteriores QuTS hero h4.5.4.1771 build 20210825 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-33 • CWE-787: Out-of-bounds Write •