Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-25847
PUBLISHED
More InfoOfficial Page
Assigner-twcert
Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
View Known Exploited Vulnerability (KEV) details
Published At-29 Dec, 2020 | 07:10
Updated At-16 Sep, 2024 | 16:28
Rejected At-
▼CVE Numbering Authority (CNA)
Command Injection Vulnerability in QTS and QuTS hero

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.

Affected Products
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Platforms
  • build 20201123
Versions
Affected
  • From unspecified before 4.5.1.1495 (custom)
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Platforms
  • build 20200930
Versions
Affected
  • From unspecified through 4.4.3.1444 (custom)
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Versions
Unaffected
  • 4.3.x
  • 4.2.x
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QuTS hero
Platforms
  • build 20201119
Versions
Affected
  • From unspecified before h4.5.1.1491 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWECWE-78CWE-78 OS Command Injection
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1491 build 20201119 and later QTS 4.5.1.1495 build 20201123 and later This issue does not affect QTS 4.3.x and QTS 4.2.x.

Configurations
Workarounds
Exploits
Credits
CFF of Topsec Alpha Team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-20-20
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-20-20
x_refsource_MISC
x_transferred
Details not found