Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-2509

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later

Published

2021-04-17T04:15:11.327

Last Modified

2025-02-13T14:22:58.803

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-77
CWE-78
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qnap	qts	< 4.2.6	Yes
Operating System	qnap	qts	< 4.3.6	Yes
Operating System	qnap	qts	< 4.5.1	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.3.3.0174	Yes
Operating System	qnap	qts	4.3.3.0868	Yes
Operating System	qnap	qts	4.3.3.0998	Yes
Operating System	qnap	qts	4.3.3.1051	Yes
Operating System	qnap	qts	4.3.3.1098	Yes
Operating System	qnap	qts	4.3.3.1161	Yes
Operating System	qnap	qts	4.3.3.1252	Yes
Operating System	qnap	qts	4.3.3.1315	Yes
Operating System	qnap	qts	4.3.3.1386	Yes
Operating System	qnap	qts	4.3.3.1432	Yes
Operating System	qnap	qts	4.3.4.0358	Yes
Operating System	qnap	qts	4.3.4.0358	Yes
Operating System	qnap	qts	4.3.4.0370	Yes
Operating System	qnap	qts	4.3.4.0370	Yes
Operating System	qnap	qts	4.3.4.0372	Yes
Operating System	qnap	qts	4.3.4.0372	Yes
Operating System	qnap	qts	4.3.4.0374	Yes
Operating System	qnap	qts	4.3.4.0374	Yes
Operating System	qnap	qts	4.3.4.0387	Yes
Operating System	qnap	qts	4.3.4.0387	Yes
Operating System	qnap	qts	4.3.4.0411	Yes
Operating System	qnap	qts	4.3.4.0416	Yes
Operating System	qnap	qts	4.3.4.0427	Yes
Operating System	qnap	qts	4.3.4.0434	Yes
Operating System	qnap	qts	4.3.4.0435	Yes
Operating System	qnap	qts	4.3.4.0451	Yes
Operating System	qnap	qts	4.3.4.0483	Yes
Operating System	qnap	qts	4.3.4.0486	Yes
Operating System	qnap	qts	4.3.4.0506	Yes
Operating System	qnap	qts	4.3.4.0516	Yes
Operating System	qnap	qts	4.3.4.0526	Yes
Operating System	qnap	qts	4.3.4.0551	Yes
Operating System	qnap	qts	4.3.4.0557	Yes
Operating System	qnap	qts	4.3.4.0561	Yes
Operating System	qnap	qts	4.3.4.0569	Yes
Operating System	qnap	qts	4.3.4.0593	Yes
Operating System	qnap	qts	4.3.4.0597	Yes
Operating System	qnap	qts	4.3.4.0604	Yes
Operating System	qnap	qts	4.3.4.0899	Yes
Operating System	qnap	qts	4.3.4.1029	Yes
Operating System	qnap	qts	4.3.4.1082	Yes
Operating System	qnap	qts	4.3.4.1190	Yes
Operating System	qnap	qts	4.3.4.1282	Yes
Operating System	qnap	qts	4.3.4.1368	Yes
Operating System	qnap	qts	4.3.4.1417	Yes
Operating System	qnap	qts	4.3.4.1463	Yes
Operating System	qnap	qts	4.3.6	Yes
Operating System	qnap	qts	4.3.6.0895	Yes
Operating System	qnap	qts	4.3.6.0907	Yes
Operating System	qnap	qts	4.3.6.0923	Yes
Operating System	qnap	qts	4.3.6.0944	Yes
Operating System	qnap	qts	4.3.6.0959	Yes
Operating System	qnap	qts	4.3.6.0979	Yes
Operating System	qnap	qts	4.3.6.0993	Yes
Operating System	qnap	qts	4.3.6.1013	Yes
Operating System	qnap	qts	4.3.6.1033	Yes
Operating System	qnap	qts	4.3.6.1070	Yes
Operating System	qnap	qts	4.3.6.1154	Yes
Operating System	qnap	qts	4.3.6.1218	Yes
Operating System	qnap	qts	4.3.6.1263	Yes
Operating System	qnap	qts	4.3.6.1286	Yes
Operating System	qnap	qts	4.3.6.1333	Yes
Operating System	qnap	qts	4.3.6.1411	Yes
Operating System	qnap	qts	4.3.6.1446	Yes
Operating System	qnap	qts	4.5.1	Yes
Operating System	qnap	qts	4.5.1.1456	Yes
Operating System	qnap	qts	4.5.1.1461	Yes
Operating System	qnap	qts	4.5.1.1465	Yes
Operating System	qnap	qts	4.5.1.1480	Yes
Operating System	qnap	qts	4.5.2	Yes
Operating System	qnap	quts_hero	< h4.5.1	Yes
Operating System	qnap	quts_hero	h4.5.1	Yes
Operating System	qnap	quts_hero	h4.5.1.1472	Yes

References

https://www.qnap.com/en/security-advisory/qsa-21-05 Vendor Advisory ([email protected])
https://www.qnap.com/en/security-advisory/qsa-21-05 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)