A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html | Patch Third Party Advisory VDB Entry |
https://www.qnap.com/zh-tw/security-advisory/qsa-21-16 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-592/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: qnap
Published: 2021-05-13T00:00:00
Updated: 2021-05-28T15:06:09
Reserved: 2021-01-19T00:00:00
Link: CVE-2020-36198
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-13T03:15:06.800
Modified: 2022-04-26T16:04:46.357
Link: CVE-2020-36198
JSON object: View
Redhat Information
No data.