Cyber Resilience

CVE-2021-44051

High · RCE

Published: 05 May 2022
Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0115 (79.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-44051 is a high-severity Command Injection (CWE-77) vulnerability in QNAP QTS. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 21.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:

QuTScloud c5.0.1.1949 and later
QuTS hero h5.0.0.1986 build 20220324 and later
QTS 5.0.0.1986 build 20220324 and later

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

qnap qts: 4.2.6 · 5.0.0.1716 — 5.0.0.1986 · 4.3.3.0174 — 4.3.3.1945 · 4.3.4.0899 — 4.3.4.1976
qnap quts hero: ≤ h4.5.4.1771 · h5.0.0.1772 — h5.0.0.1986
qnap qutscloud: ≤ c5.0.1.1998

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References