Qnap vulns

18. huhtikuuta 2021 | 173 näyttökertaa

SQL Injection Vulnerability in Multimedia Console and the Media
Streaming Add-On
https://www.qnap.com/en-us/security-advisory/qsa-21-11
Classification: Critical, Solution: Update, Exploit: Unknown
An SQL injection vulnerability has been reported to affect QNAP NAS
running Multimedia Console or the Media Streaming add-on. If
exploited, the vulnerability allows remote attackers to obtain
application information. CVE-2020-36195

Command Injection Vulnerability in QTS and QuTS hero
https://www.qnap.com/en-us/security-advisory/qsa-21-05
Classification: Critical, Solution: Update, Exploit: Unknown
A command injection vulnerability has been reported to affect QTS and
QuTS hero. If exploited, this vulnerability allows attackers to
execute arbitrary commands in a compromised application. CVE-2020-2509