1. Home
  2. CVE Database
  3. CVE-2021-44051
HIGH · 8.8

CVE-2021-44051

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have...

Vulnerability Description

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QnapQts>= 5.0.0.1716, < 5.0.0.1986
QnapQuts Hero< h4.5.4.1771
QnapQutscloud< c5.0.1.1998

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2021-44051?

CVE-2021-44051 is a vulnerability with a CVSS score of 8.8 (HIGH). A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have...

How severe is CVE-2021-44051?

CVE-2021-44051 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44051?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qts, Qnap Quts Hero, Qnap Qutscloud.