← voltar
CVE-2020-36194

XSS Vulnerability in QTS and QuTS heroCommand Injection Vulnerabilities in QTS and QuTS hero

CVSS 6.1 MEDIUMEPSS 0.6%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.1EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 jul 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
QNAP Systems Inc. · QTSQNAP Systems Inc. · QuTS hero

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.qnap.com/zh-tw/security-advisory/qsa-21-32