Search criteria
1 vulnerability by roonlabs
CVE-2021-28811 (GCVE-0-2021-28811)
Vulnerability from cvelistv5 – Published: 2021-06-08 03:00 – Updated: 2024-09-16 22:15
VLAI?
Title
Vulnerability in Roon Server
Summary
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later
Severity ?
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Roon Labs | Roon Server |
Affected:
unspecified , < 2021-05-18
(custom)
|
Credits
Beijing Venustech Cybervision Co. Ltd
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Roon Server",
"vendor": "Roon Labs",
"versions": [
{
"lessThan": "2021-05-18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"datePublic": "2021-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T03:00:13",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"solutions": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
},
"title": "Vulnerability in Roon Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-08T01:19:00.000Z",
"ID": "CVE-2021-28811",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in Roon Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Roon Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021-05-18"
}
]
}
}
]
},
"vendor_name": "Roon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
]
},
"solution": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28811",
"datePublished": "2021-06-08T03:00:13.487690Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T22:15:50.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}