Vulnerability Description
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Video Station | < 5.5.4 |
| Qnap | Qts | 4.5.2 |
| Qnap | Quts Hero | h4.5.2 |
| Qnap | Qutscloud | c4.5.4 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-21Vendor Advisory
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-21Vendor Advisory
FAQ
What is CVE-2021-28812?
CVE-2021-28812 is a vulnerability with a CVSS score of 8.8 (HIGH). A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affe...
How severe is CVE-2021-28812?
CVE-2021-28812 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28812?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Video Station, Qnap Qts, Qnap Quts Hero, Qnap Qutscloud.