CVE-2024-21906— QTS, QuTS hero

QTS, QuTS hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

QNAP QTS和QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS和QNAP Systems QuTS hero都是中国威联通科技（QNAP Systems）公司的产品。QNAP Systems QTS是一个入门到中阶QNAP NAS 使用的操作系统。QNAP Systems QuTS hero是一个操作系统。 QNAP QTS 5.1.8.2823 build 20240712版本及之前版本和QuTS hero h5.1.8.2823 build 20240712版本及之前版本存在操作系统命令注入漏洞，该漏洞源于包含一个操作系统命令注入

N/A

N/A