CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-7876

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1890%
EPSS Percentile27.00th
Published2017年6月15日
Last Modified2026年5月13日

Vulnerability Description

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.

Affected Platforms (CPE)

💻
Qnap

Qts

<= 4.2.6

References & Advisories

🔗 https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
🔗 https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201707-12
🔗 https://www.qnap.com/en/release-notes/qts/4.2.6/20170517
🔗 https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201707-12

関連する脆弱性情報

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2018-07309.8

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne...

CVE-2018-199499.8

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed ...

CVE-2019-71839.8

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recomm...