CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7876

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1890%
EPSS Percentile27.00th
PublishedJun 15, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.

Affected Platforms (CPE)

πŸ’»
Qnap

Qts

<= 4.2.6

References & Advisories

πŸ”— https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
πŸ”— https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201707-12
πŸ”— https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
πŸ”— https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
πŸ”— https://www.qnap.com/zh-tw/security-advisory/nas-201707-12

Related Vulnerabilities

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2018-07309.8

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne...

CVE-2018-199499.8

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed ...

CVE-2019-71839.8

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recomm...