admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update TWCERT/CC CVE-2021-32506 CVE-2021-32507 CVE-2021-32508 CVE-2021-32509 CVE-2021-32510 CVE-2021-32511 CVE-2021-32512 CVE-2021-32513 CVE-2021-32514 CVE-2021-32515 CVE-2021-32516 CVE-2021-32517 CVE-2021-32518 CVE-2021-32519 CVE-2021-32520 CVE-2021-32521 CVE-2021-32522 CVE-2021-32523 CVE-2021-32524 CVE-2021-32525 CVE-2021-32526 CVE-2021-32527 CVE-2021-32528 CVE-2021-32529 CVE-2021-32530 CVE-2021-32531 CVE-2021-32532 CVE-2021-32533 CVE-2021-32534 CVE-2021-32535

Browse Source
This commit is contained in:
unknown 2021-07-22 12:06:18 +08:00
parent f4e91aa714
commit 58d0b726c2
30 changed files with 90 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2021/32xxx/CVE-2021-32506.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter."
"value": "Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3 ."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4862-f8b86-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4862-f8b86-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4862-f8b86-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4862-f8b86-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32507.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter."
"value": "Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4863-57d4a-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4863-57d4a-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4863-57d4a-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4863-57d4a-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32508.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter."
"value": "Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32509.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter."
"value": "Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32510.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter."
"value": "QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4866-b820b-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4866-b820b-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4866-b820b-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4866-b820b-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32511.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter."
"value": "QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4867-9c11c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4867-9c11c-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4867-9c11c-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4867-9c11c-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32512.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands."
"value": "QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4868-75574-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4868-75574-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4868-75574-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4868-75574-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32513.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands."
"value": "QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4869-714a5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4869-714a5-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4869-714a5-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4869-714a5-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32514.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device."
"value": "Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4870-83620-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4870-83620-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4870-83620-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4870-83620-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32515.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information."
"value": "Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32516.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files."
"value": "Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4872-fcfa4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4872-fcfa4-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4872-fcfa4-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4872-fcfa4-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32517.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function."
"value": "Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4873-6f88b-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4873-6f88b-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4873-6f88b-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4873-6f88b-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32518.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files."
"value": "A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32519.json
View File

@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash."
"value": "Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0."
}
]
},
@ -97,9 +97,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32520.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users\u2019 credentials and related permissions."
"value": "Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users credentials and related permissions.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4876-8da07-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4876-8da07-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4876-8da07-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4876-8da07-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32521.json
View File

@ -60,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges."
"value": "Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -98,9 +98,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32522.json
View File

@ -60,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users\u2019 credentials and obtain access via a brute force attack."
"value": "Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users credentials and obtain access via a brute force attack.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -98,9 +98,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4878-0a279-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4878-0a279-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4878-0a279-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4878-0a279-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32523.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands."
"value": "Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32524.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands."
"value": "Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4880-e9ce7-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4880-e9ce7-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4880-e9ce7-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4880-e9ce7-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32525.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator\u2019s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions."
"value": "The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrators credential, entering the hard-coded password of the debug mode to execute the restricted system instructions.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4881-959d3-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4881-959d3-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4881-959d3-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4881-959d3-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32526.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files."
"value": "Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files.\nThe referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32527.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function."
"value": "Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4883-aef9d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4883-aef9d-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4883-aef9d-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4883-aef9d-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32528.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions."
"value": "Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4884-fd4cb-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4884-fd4cb-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4884-fd4cb-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4884-fd4cb-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32529.json
View File

@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands."
"value": "Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -87,9 +87,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4885-b03c8-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4885-b03c8-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4885-b03c8-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4885-b03c8-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32530.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter."
"value": "OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter.\nThe referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4886-d3b14-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4886-d3b14-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4886-d3b14-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4886-d3b14-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32531.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions."
"value": "OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions.\nThe referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4887-ee5e3-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4887-ee5e3-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4887-ee5e3-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4887-ee5e3-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32532.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions."
"value": "Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions.\nThe referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4889-23410-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4889-23410-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4889-23410-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4889-23410-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32533.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions."
"value": "The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.\nSuggest contacting with QSAN and refer to recommendations in QSAN Document."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4890-39791-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4890-39791-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4890-39791-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4890-39791-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32534.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions."
"value": "QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.\nThe referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4891-94707-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4891-94707-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4891-94707-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4891-94707-1.html"
}
]
},

6
2021/32xxx/CVE-2021-32535.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator\u2019s permission and execute arbitrary functions."
"value": "The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrators permission and execute arbitrary functions.\nThe referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0."
}
]
},
@ -76,9 +76,9 @@
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html"
"url": "https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html"
}
]
},