CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32516 – QSAN Storage Manager - Path Traversal
https://notcve.org/view.php?id=CVE-2021-32516
Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad de path traversal en share_link en QSAN Storage Manager permite a los atacantes remotos descargar archivos arbitrarios. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4872-fcfa4-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32515 – QSAN Storage Manager - Exposure of Information Through Directory Listing
https://notcve.org/view.php?id=CVE-2021-32515
Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad del listado de directorios en share_link en QSAN Storage Manager permite a los atacantes listar directorios arbitrarios y acceder a la información de las credenciales. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32514 – QSAN Storage Manager - Improper Access Control Following via FirwareUpgrade function
https://notcve.org/view.php?id=CVE-2021-32514
Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad de control de acceso inadecuado en FirmwareUpgrade en QSAN Storage Manager permite a los atacantes remotos reiniciar y suspender el dispositivo. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4870-83620-1.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32513 – QSAN Storage Manager - Command Injection Following via QsanTorture function
https://notcve.org/view.php?id=CVE-2021-32513
QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QsanTorture en QSAN Storage Manager no filtra correctamente los parámetros especiales que permiten a los atacantes remotos no autentificados inyectar y ejecutar comandos arbitrarios. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4869-714a5-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32512 – QSAN Storage Manager - Command Injection Following via QuickInstall function
https://notcve.org/view.php?id=CVE-2021-32512
QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QuickInstall en QSAN Storage Manager no filtra correctamente los parámetros especiales que permiten a los atacantes remotos no autentificados inyectar y ejecutar comandos arbitrarios. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4868-75574-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •