CVE-2021-28804 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-28804 PUBLISHED CVSS 9.800000190734863 CRITICAL

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.

EPSS 2.75% · 85.9th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.75%

85.9th percentile

Affected Products

Vendor	Product	Versions
qnap	qts	0
QNAP Systems Inc.	QTS	unspecified
qnap	quts_hero	0
QNAP Systems Inc.	QuTS hero	unspecified

Timeline

Jul 1, 2021 EPSS Score
Jul 1, 2021 CVE Published
Aug 30, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 25, 2022 EPSS Score
Jun 23, 2022 EPSS Score
Oct 21, 2022 EPSS Score
Dec 20, 2022 EPSS Score
Feb 17, 2023 EPSS Score

References

Open in Interactive Console →