Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for QVR by QNAP Systems Inc.

    CVE-2023-34974 (GCVE-0-2023-34974)

    Vulnerability from nvd – Published: 2024-09-06 16:27 – Updated: 2024-09-06 17:41
    VLAI
    Title
    QTS, QuTS hero, QuTScloud, QVR, QES
    Summary
    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QTS Affected: 4.5.x , < 4.5.4.2790 build 20240605 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QuTS hero Affected: h4.5.x , < h4.5.4.2626 build 20231225 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QuTScloud Unaffected: c5.x.x
    Create a notification for this product.
    QNAP Systems Inc. QVR Unaffected: 5.1.0
    Create a notification for this product.
    QNAP Systems Inc. QES Unaffected: 2.2.0
    Create a notification for this product.
    qnap qts Affected: 4.5.0 , < 4.5.4.2790_build_20240605 (custom)
        cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
    Create a notification for this product.
    qnap quts_hero Affected: h4.5.0 , < h4.5.4.2626_build_20231225 (custom)
        cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    huasheng_mangguo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "qts",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "4.5.4.2790_build_20240605",
                    "status": "affected",
                    "version": "4.5.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "quts_hero",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "h4.5.4.2626_build_20231225",
                    "status": "affected",
                    "version": "h4.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:22:28.665908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:41:58.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "4.5.4.2790 build 20240605",
                  "status": "affected",
                  "version": "4.5.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QuTS hero",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "h4.5.4.2626 build 20231225",
                  "status": "affected",
                  "version": "h4.5.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QuTScloud",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "c5.x.x"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "5.1.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QES",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "huasheng_mangguo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003eQuTScloud, QVR, QES are not affected.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 4.5.4.2790 build 20240605 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003e"
                }
              ],
              "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\nQuTScloud, QVR, QES are not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2626 build 20231225 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-06T16:27:27.244Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-32"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 4.5.4.2790 build 20240605 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2626 build 20231225 and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-32",
            "discovery": "EXTERNAL"
          },
          "title": "QTS, QuTS hero, QuTScloud, QVR, QES",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-34974",
        "datePublished": "2024-09-06T16:27:27.244Z",
        "dateReserved": "2023-06-08T08:26:04.294Z",
        "dateUpdated": "2024-09-06T17:41:58.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27588 (GCVE-0-2022-27588)

    Vulnerability from nvd – Published: 2022-05-05 16:50 – Updated: 2024-09-16 20:21
    VLAI
    Title
    Vulnerability in QVR
    Summary
    We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.6 build 20220401 (custom)
    Create a notification for this product.
    Date Public
    2022-05-06 00:00
    Credits
    JPCERT/CC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-22-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.6 build 20220401",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JPCERT/CC"
            }
          ],
          "datePublic": "2022-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-05T16:50:30.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-22-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.6 build 20220401 and later"
            }
          ],
          "source": {
            "advisory": "QSA-22-07",
            "discovery": "EXTERNAL"
          },
          "title": "Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2022-05-06T00:00:00.000Z",
              "ID": "CVE-2022-27588",
              "STATE": "PUBLIC",
              "TITLE": "Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.6 build 20220401"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JPCERT/CC"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-77"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-22-07",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-22-07"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.6 build 20220401 and later"
              }
            ],
            "source": {
              "advisory": "QSA-22-07",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2022-27588",
        "datePublished": "2022-05-05T16:50:30.497Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:21:49.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38686 (GCVE-0-2021-38686)

    Vulnerability from nvd – Published: 2021-11-26 14:00 – Updated: 2024-09-16 20:16
    VLAI
    Title
    Improper Authentication Vulnerability in VioStor
    Summary
    An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < QVR FW 5.1.6 build 20211109 (custom)
    Create a notification for this product.
    Date Public
    2021-11-26 00:00
    Credits
    JPCERT/CC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.142Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-52"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "QVR FW 5.1.6 build 20211109",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JPCERT/CC"
            }
          ],
          "datePublic": "2021-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-26T14:00:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-52"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-52",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authentication Vulnerability in VioStor",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-11-26T09:47:00.000Z",
              "ID": "CVE-2021-38686",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authentication Vulnerability in VioStor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "QVR FW 5.1.6 build 20211109"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JPCERT/CC"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-52",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-52"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-52",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38686",
        "datePublished": "2021-11-26T14:00:14.527Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:16:15.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38685 (GCVE-0-2021-38685)

    Vulnerability from nvd – Published: 2021-11-26 14:00 – Updated: 2024-09-17 02:46
    VLAI
    Title
    Command Injection Vulnerability in VioStor
    Summary
    A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < QVR FW 5.1.6 build 20211109 (custom)
    Create a notification for this product.
    Date Public
    2021-11-26 00:00
    Credits
    JPCERT/CC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.221Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "QVR FW 5.1.6 build 20211109",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JPCERT/CC"
            }
          ],
          "datePublic": "2021-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-26T14:00:13.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-51"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-51",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in VioStor",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-11-26T09:48:00.000Z",
              "ID": "CVE-2021-38685",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in VioStor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "QVR FW 5.1.6 build 20211109"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JPCERT/CC"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-51",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-51"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-51",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38685",
        "datePublished": "2021-11-26T14:00:13.130Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:41.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34352 (GCVE-0-2021-34352)

    Vulnerability from nvd – Published: 2021-10-01 02:50 – Updated: 2024-09-17 00:01
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210902 (custom)
    Create a notification for this product.
    Date Public
    2021-10-01 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:48.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-38"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-01T02:50:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-38"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210902 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-38",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-10-01T09:15:00.000Z",
              "ID": "CVE-2021-34352",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210902"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-38",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-38"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210902 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-38",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34352",
        "datePublished": "2021-10-01T02:50:14.803Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:01:13.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34351 (GCVE-0-2021-34351)

    Vulnerability from nvd – Published: 2021-09-27 00:45 – Updated: 2024-09-16 22:45
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210803 (custom)
    Create a notification for this product.
    Date Public
    2021-09-27 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210803",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-27T00:45:24.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-35",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-27T09:11:00.000Z",
              "ID": "CVE-2021-34351",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210803"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-35",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-35",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34351",
        "datePublished": "2021-09-27T00:45:24.485Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:45:09.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34349 (GCVE-0-2021-34349)

    Vulnerability from nvd – Published: 2021-09-27 00:45 – Updated: 2024-09-17 00:56
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210803 (custom)
    Create a notification for this product.
    Date Public
    2021-09-27 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210803",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-27T00:45:22.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-35",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-27T09:04:00.000Z",
              "ID": "CVE-2021-34349",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210803"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-35",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-35",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34349",
        "datePublished": "2021-09-27T00:45:23.028Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:42.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34348 (GCVE-0-2021-34348)

    Vulnerability from nvd – Published: 2021-09-27 00:45 – Updated: 2024-09-16 22:21
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210803 (custom)
    Create a notification for this product.
    Date Public
    2021-09-27 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:52.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210803",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-27T00:45:21.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-35",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-27T08:45:00.000Z",
              "ID": "CVE-2021-34348",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210803"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-35",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-35",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34348",
        "datePublished": "2021-09-27T00:45:21.425Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:21:18.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34974 (GCVE-0-2023-34974)

    Vulnerability from cvelistv5 – Published: 2024-09-06 16:27 – Updated: 2024-09-06 17:41
    VLAI
    Title
    QTS, QuTS hero, QuTScloud, QVR, QES
    Summary
    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QTS Affected: 4.5.x , < 4.5.4.2790 build 20240605 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QuTS hero Affected: h4.5.x , < h4.5.4.2626 build 20231225 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QuTScloud Unaffected: c5.x.x
    Create a notification for this product.
    QNAP Systems Inc. QVR Unaffected: 5.1.0
    Create a notification for this product.
    QNAP Systems Inc. QES Unaffected: 2.2.0
    Create a notification for this product.
    qnap qts Affected: 4.5.0 , < 4.5.4.2790_build_20240605 (custom)
        cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
    Create a notification for this product.
    qnap quts_hero Affected: h4.5.0 , < h4.5.4.2626_build_20231225 (custom)
        cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    huasheng_mangguo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "qts",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "4.5.4.2790_build_20240605",
                    "status": "affected",
                    "version": "4.5.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "quts_hero",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "h4.5.4.2626_build_20231225",
                    "status": "affected",
                    "version": "h4.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:22:28.665908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:41:58.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "4.5.4.2790 build 20240605",
                  "status": "affected",
                  "version": "4.5.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QuTS hero",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "h4.5.4.2626 build 20231225",
                  "status": "affected",
                  "version": "h4.5.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QuTScloud",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "c5.x.x"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "5.1.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QES",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "huasheng_mangguo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003eQuTScloud, QVR, QES are not affected.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 4.5.4.2790 build 20240605 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003e"
                }
              ],
              "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\nQuTScloud, QVR, QES are not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2626 build 20231225 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-06T16:27:27.244Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-32"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 4.5.4.2790 build 20240605 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2626 build 20231225 and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-32",
            "discovery": "EXTERNAL"
          },
          "title": "QTS, QuTS hero, QuTScloud, QVR, QES",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-34974",
        "datePublished": "2024-09-06T16:27:27.244Z",
        "dateReserved": "2023-06-08T08:26:04.294Z",
        "dateUpdated": "2024-09-06T17:41:58.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27588 (GCVE-0-2022-27588)

    Vulnerability from cvelistv5 – Published: 2022-05-05 16:50 – Updated: 2024-09-16 20:21
    VLAI
    Title
    Vulnerability in QVR
    Summary
    We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.6 build 20220401 (custom)
    Create a notification for this product.
    Date Public
    2022-05-06 00:00
    Credits
    JPCERT/CC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-22-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.6 build 20220401",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JPCERT/CC"
            }
          ],
          "datePublic": "2022-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-05T16:50:30.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-22-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.6 build 20220401 and later"
            }
          ],
          "source": {
            "advisory": "QSA-22-07",
            "discovery": "EXTERNAL"
          },
          "title": "Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2022-05-06T00:00:00.000Z",
              "ID": "CVE-2022-27588",
              "STATE": "PUBLIC",
              "TITLE": "Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.6 build 20220401"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JPCERT/CC"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-77"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-22-07",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-22-07"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.6 build 20220401 and later"
              }
            ],
            "source": {
              "advisory": "QSA-22-07",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2022-27588",
        "datePublished": "2022-05-05T16:50:30.497Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:21:49.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38686 (GCVE-0-2021-38686)

    Vulnerability from cvelistv5 – Published: 2021-11-26 14:00 – Updated: 2024-09-16 20:16
    VLAI
    Title
    Improper Authentication Vulnerability in VioStor
    Summary
    An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < QVR FW 5.1.6 build 20211109 (custom)
    Create a notification for this product.
    Date Public
    2021-11-26 00:00
    Credits
    JPCERT/CC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.142Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-52"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "QVR FW 5.1.6 build 20211109",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JPCERT/CC"
            }
          ],
          "datePublic": "2021-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-26T14:00:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-52"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-52",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authentication Vulnerability in VioStor",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-11-26T09:47:00.000Z",
              "ID": "CVE-2021-38686",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authentication Vulnerability in VioStor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "QVR FW 5.1.6 build 20211109"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JPCERT/CC"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-52",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-52"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-52",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38686",
        "datePublished": "2021-11-26T14:00:14.527Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:16:15.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38685 (GCVE-0-2021-38685)

    Vulnerability from cvelistv5 – Published: 2021-11-26 14:00 – Updated: 2024-09-17 02:46
    VLAI
    Title
    Command Injection Vulnerability in VioStor
    Summary
    A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < QVR FW 5.1.6 build 20211109 (custom)
    Create a notification for this product.
    Date Public
    2021-11-26 00:00
    Credits
    JPCERT/CC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.221Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "QVR FW 5.1.6 build 20211109",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JPCERT/CC"
            }
          ],
          "datePublic": "2021-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-26T14:00:13.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-51"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-51",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in VioStor",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-11-26T09:48:00.000Z",
              "ID": "CVE-2021-38685",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in VioStor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "QVR FW 5.1.6 build 20211109"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JPCERT/CC"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-51",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-51"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR FW 5.1.6 build 20211109 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-51",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38685",
        "datePublished": "2021-11-26T14:00:13.130Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:41.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34352 (GCVE-0-2021-34352)

    Vulnerability from cvelistv5 – Published: 2021-10-01 02:50 – Updated: 2024-09-17 00:01
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210902 (custom)
    Create a notification for this product.
    Date Public
    2021-10-01 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:48.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-38"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-01T02:50:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-38"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210902 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-38",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-10-01T09:15:00.000Z",
              "ID": "CVE-2021-34352",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210902"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-38",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-38"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210902 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-38",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34352",
        "datePublished": "2021-10-01T02:50:14.803Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:01:13.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34351 (GCVE-0-2021-34351)

    Vulnerability from cvelistv5 – Published: 2021-09-27 00:45 – Updated: 2024-09-16 22:45
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210803 (custom)
    Create a notification for this product.
    Date Public
    2021-09-27 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210803",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-27T00:45:24.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-35",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-27T09:11:00.000Z",
              "ID": "CVE-2021-34351",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210803"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-35",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-35",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34351",
        "datePublished": "2021-09-27T00:45:24.485Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:45:09.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34349 (GCVE-0-2021-34349)

    Vulnerability from cvelistv5 – Published: 2021-09-27 00:45 – Updated: 2024-09-17 00:56
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210803 (custom)
    Create a notification for this product.
    Date Public
    2021-09-27 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210803",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-27T00:45:22.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-35",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-27T09:04:00.000Z",
              "ID": "CVE-2021-34349",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210803"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-35",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-35",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34349",
        "datePublished": "2021-09-27T00:45:23.028Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:42.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34348 (GCVE-0-2021-34348)

    Vulnerability from cvelistv5 – Published: 2021-09-27 00:45 – Updated: 2024-09-16 22:21
    VLAI
    Title
    Command Injection Vulnerability in QVR
    Summary
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QVR Affected: unspecified , < 5.1.5 build 20210803 (custom)
    Create a notification for this product.
    Date Public
    2021-09-27 00:00
    Credits
    360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:52.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QVR",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5 build 20210803",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
            }
          ],
          "datePublic": "2021-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-27T00:45:21.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-35",
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection Vulnerability in QVR",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-27T08:45:00.000Z",
              "ID": "CVE-2021-34348",
              "STATE": "PUBLIC",
              "TITLE": "Command Injection Vulnerability in QVR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QVR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.5 build 20210803"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "360 \u7684\u5b89\u5168\u7814\u7a76\u5458 \u4faf\u7559\u6d0b\uff08houliuyang@360.cn\uff09\u548c\u53f6\u6839\u6df1\uff08yegenshen@360.cn\uff09"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-35",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-35"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of QVR:\nQVR 5.1.5 build 20210803 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-35",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34348",
        "datePublished": "2021-09-27T00:45:21.425Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:21:18.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }