CVE-2021-32529

QSAN XEVO, SANOS - Command Injection -1

CVSS 9.8 CRITICALEPSS 2.3%CWE-77

In short

A flaw in QSAN XEVO and SANOS storage systems allows attackers to run unauthorized commands without logging in. This puts your data and system completely at risk.

Technical detail

Remote unauthenticated command injection vulnerability in QSAN XEVO and SANOS storage systems (CWE-77) permits arbitrary command execution via unsanitized input. No authentication required; attacker can directly compromise system integrity and confidentiality. CVSS 9.8 reflects critical severity with network accessibility and no user interaction required.

Summary generated and translated by AI from the official description.

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

QSAN · SANOS QSAN · XEVO

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/tw/cp-132-4885-b03c8-1.html