CVE-2017-7876

Sažetak

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.

Reference

https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
https://www.qnap.com/zh-tw/security-advisory/nas-201707-12

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-09-2020 - 15:15

Objavljeno

15-06-2017 - 20:29