CVE-2020-2509 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-2509

Analyzed

Known KEV

More Info Official Page

Source-security@qnapsecurity.com.tw

View Known Exploited Vulnerability (KEV) details

Published At-17 Apr, 2021 | 04:15

Updated At-13 Feb, 2025 | 14:22

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2022-04-11	2022-05-02	QNAP Network-Attached Storage (NAS) Command Injection Vulnerability	Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

QNAP Systems, Inc.

>>qts>>Versions before 4.2.6(exclusive)

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>Versions from 4.3.5(inclusive) to 4.3.6(exclusive)

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>Versions from 4.4.0(inclusive) to 4.5.1(exclusive)

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:-:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.2.6

cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.0174

cpe:2.3:o:qnap:qts:4.3.3.0174:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.0868

cpe:2.3:o:qnap:qts:4.3.3.0868:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.0998

cpe:2.3:o:qnap:qts:4.3.3.0998:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.1051

cpe:2.3:o:qnap:qts:4.3.3.1051:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.1098

cpe:2.3:o:qnap:qts:4.3.3.1098:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.1161

cpe:2.3:o:qnap:qts:4.3.3.1161:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.1252

cpe:2.3:o:qnap:qts:4.3.3.1252:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.1315

cpe:2.3:o:qnap:qts:4.3.3.1315:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.1386

cpe:2.3:o:qnap:qts:4.3.3.1386:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.3.1432

cpe:2.3:o:qnap:qts:4.3.3.1432:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0358

cpe:2.3:o:qnap:qts:4.3.4.0358:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0358

cpe:2.3:o:qnap:qts:4.3.4.0358:beta1:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0370

cpe:2.3:o:qnap:qts:4.3.4.0370:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0370

cpe:2.3:o:qnap:qts:4.3.4.0370:beta1:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0372

cpe:2.3:o:qnap:qts:4.3.4.0372:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0372

cpe:2.3:o:qnap:qts:4.3.4.0372:beta1:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0374

cpe:2.3:o:qnap:qts:4.3.4.0374:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0374

cpe:2.3:o:qnap:qts:4.3.4.0374:beta1:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0387

cpe:2.3:o:qnap:qts:4.3.4.0387:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0387

cpe:2.3:o:qnap:qts:4.3.4.0387:beta2:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0411

cpe:2.3:o:qnap:qts:4.3.4.0411:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0416

cpe:2.3:o:qnap:qts:4.3.4.0416:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0427

cpe:2.3:o:qnap:qts:4.3.4.0427:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0434

cpe:2.3:o:qnap:qts:4.3.4.0434:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0435

cpe:2.3:o:qnap:qts:4.3.4.0435:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0451

cpe:2.3:o:qnap:qts:4.3.4.0451:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0483

cpe:2.3:o:qnap:qts:4.3.4.0483:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0486

cpe:2.3:o:qnap:qts:4.3.4.0486:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0506

cpe:2.3:o:qnap:qts:4.3.4.0506:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0516

cpe:2.3:o:qnap:qts:4.3.4.0516:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0526

cpe:2.3:o:qnap:qts:4.3.4.0526:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0551

cpe:2.3:o:qnap:qts:4.3.4.0551:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0557

cpe:2.3:o:qnap:qts:4.3.4.0557:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0561

cpe:2.3:o:qnap:qts:4.3.4.0561:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0569

cpe:2.3:o:qnap:qts:4.3.4.0569:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0593

cpe:2.3:o:qnap:qts:4.3.4.0593:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.3.4.0597

cpe:2.3:o:qnap:qts:4.3.4.0597:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-77	Secondary	security@qnapsecurity.com.tw
CWE-78	Secondary	security@qnapsecurity.com.tw
CWE-77	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.qnap.com/en/security-advisory/qsa-21-05	security@qnapsecurity.com.tw	Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-21-05	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory