CVE-2021-28802: Command Injection Vulnerabilities in QTS and QuTS hero
First published: Thu Jul 01 2021(Updated: )
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QTS | <4.5.1.1540 | |
| QNAP QuTS hero | <h4.5.1.1582 |
Remedy
QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1540 build 20210107 and later QuTS hero h4.5.1.1582 build 20210217 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-28802.
What is the severity of CVE-2021-28802?
The severity of CVE-2021-28802 is critical.
Which software versions are affected by CVE-2021-28802?
QTS versions prior to 4.5.1.1540 build 20210107 and Quts Hero versions prior to h4.5.1.1582 are affected by CVE-2021-28802.
What is the impact of CVE-2021-28802?
If exploited, CVE-2021-28802 allows attackers to execute arbitrary commands in a compromised application.
How can I fix CVE-2021-28802?
To fix CVE-2021-28802, update to QTS version 4.5.1.1540 build 20210107 (or later) or update to Quts Hero version h4.5.1.1582 (or later).
- agent/weakness
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/qnap
- canonical/qnap qts
- canonical/qnap quts hero