VDB
CVE-2021-28804
CVE-2021-28804
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.
EPSS 2.75% · 86.3th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
2.75%
86.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| qnap | qts | 0 |
| QNAP Systems Inc. | QTS | unspecified |
| qnap | quts_hero | 0 |
| QNAP Systems Inc. | QuTS hero | unspecified |
Exploit Intelligence
Timeline
- Jul 1, 2021 EPSS Score
- Jul 1, 2021 CVE Published
- Aug 30, 2021 EPSS Score
- Dec 28, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 28, 2022 EPSS Score
- Jun 27, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 25, 2022 EPSS Score
- Feb 23, 2023 EPSS Score
References
- https://www.qnap.com/fr-fr/security-advisory/qsa-21-30 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-21-31 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-21-29 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-21-09 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-21-32 advisory
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-29 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-28804 advisory