First published: Mon Jan 11 2021(Updated: )
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later)
Credit: security@qnapsecurity.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
QNAP QTS | <4.5.1.1456 | |
QNAP QuTS hero | <h4.5.1.1472 |
QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later)
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-2508 is a command injection vulnerability that affects QTS and QuTS hero, allowing attackers to execute arbitrary commands in a compromised application.
CVE-2020-2508 allows attackers to execute arbitrary commands in a compromised application, potentially leading to unauthorized access or control of the affected system.
CVE-2020-2508 affects QTS versions up to and excluding 4.5.1.1456, and Quts Hero versions up to and excluding h4.5.1.1472.
To fix CVE-2020-2508, it is recommended to update to QTS 4.5.1.1456 build 20201015 (or later) for QTS, and h4.5.1.1472 build 20201015 (or later) for QuTS hero, as these versions have fixed the vulnerability.
You can find more information about CVE-2020-2508 on QNAP's security advisory page: https://www.qnap.com/zh-tw/security-advisory/qsa-21-01