CVE-2021-44051

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later

Published: May 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-44051
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
qnap / quts_hero	-	h4.5.4.1771
qnap / qts	5.0.0.1716	5.0.0.1986
qnap / qts	4.4.0.0883	4.5.4.1991
qnap / qts	4.3.6.0895	4.3.6.1965
qnap / qts	4.3.4.0899	4.3.4.1976
qnap / qts	4.3.3.0174	4.3.3.1945
qnap / qts	4.2.6-build_20170517	4.2.6-build_20170517.x
qnap / qts	4.2.6-build_20190322	4.2.6-build_20190322.x
qnap / qts	4.2.6-build_20190730	4.2.6-build_20190730.x
qnap / qts	4.2.6-build_20190921	4.2.6-build_20190921.x
qnap / qts	4.2.6-build_20191107	4.2.6-build_20191107.x
qnap / qts	4.2.6-build_20200109	4.2.6-build_20200109.x
qnap / qts	4.2.6-build_20200421	4.2.6-build_20200421.x
qnap / qts	4.2.6-build_20200611	4.2.6-build_20200611.x
qnap / qts	4.2.6-build_20200821	4.2.6-build_20200821.x
qnap / qts	4.2.6-build_20210327	4.2.6-build_20210327.x
qnap / qts	4.2.6-build_20211215	4.2.6-build_20211215.x
qnap / quts_hero	h5.0.0.1772	h5.0.0.1986
qnap / qutscloud	-	c5.0.1.1998

https://www.qnap.com/en/security-advisory/qsa-22-16

Vulnerability Database

289,697

CVE-2021-44051