Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-2509

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.869
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
Ransomware Campaign
Unknown
Products affected by CVE-2020-2509
  • Qnap » Qts » Version: N/A
    cpe:2.3:o:qnap:qts:-
  • Qnap » Qts » Version: 4.0
    cpe:2.3:o:qnap:qts:4.0
  • Qnap » Qts » Version: 4.0.3
    cpe:2.3:o:qnap:qts:4.0.3
  • Qnap » Qts » Version: 4.1.0
    cpe:2.3:o:qnap:qts:4.1.0
  • Qnap » Qts » Version: 4.1.1
    cpe:2.3:o:qnap:qts:4.1.1
  • Qnap » Qts » Version: 4.1.4
    cpe:2.3:o:qnap:qts:4.1.4
  • Qnap » Qts » Version: 4.2.0
    cpe:2.3:o:qnap:qts:4.2.0
  • Qnap » Qts » Version: 4.2.1
    cpe:2.3:o:qnap:qts:4.2.1
  • Qnap » Qts » Version: 4.2.2
    cpe:2.3:o:qnap:qts:4.2.2
  • Qnap » Qts » Version: 4.2.3
    cpe:2.3:o:qnap:qts:4.2.3
  • Qnap » Qts » Version: 4.2.4
    cpe:2.3:o:qnap:qts:4.2.4
  • Qnap » Qts » Version: 4.2.6
    cpe:2.3:o:qnap:qts:4.2.6
  • Qnap » Qts » Version: 4.3.3.0174
    cpe:2.3:o:qnap:qts:4.3.3.0174
  • Qnap » Qts » Version: 4.3.3.0868
    cpe:2.3:o:qnap:qts:4.3.3.0868
  • Qnap » Qts » Version: 4.3.3.0998
    cpe:2.3:o:qnap:qts:4.3.3.0998
  • Qnap » Qts » Version: 4.3.3.1051
    cpe:2.3:o:qnap:qts:4.3.3.1051
  • Qnap » Qts » Version: 4.3.3.1098
    cpe:2.3:o:qnap:qts:4.3.3.1098
  • Qnap » Qts » Version: 4.3.3.1161
    cpe:2.3:o:qnap:qts:4.3.3.1161
  • Qnap » Qts » Version: 4.3.3.1252
    cpe:2.3:o:qnap:qts:4.3.3.1252
  • Qnap » Qts » Version: 4.3.3.1315
    cpe:2.3:o:qnap:qts:4.3.3.1315
  • Qnap » Qts » Version: 4.3.3.1386
    cpe:2.3:o:qnap:qts:4.3.3.1386
  • Qnap » Qts » Version: 4.3.3.1432
    cpe:2.3:o:qnap:qts:4.3.3.1432
  • Qnap » Qts » Version: 4.3.4.0358
    cpe:2.3:o:qnap:qts:4.3.4.0358
  • Qnap » Qts » Version: 4.3.4.0370
    cpe:2.3:o:qnap:qts:4.3.4.0370
  • Qnap » Qts » Version: 4.3.4.0372
    cpe:2.3:o:qnap:qts:4.3.4.0372
  • Qnap » Qts » Version: 4.3.4.0374
    cpe:2.3:o:qnap:qts:4.3.4.0374
  • Qnap » Qts » Version: 4.3.4.0387
    cpe:2.3:o:qnap:qts:4.3.4.0387
  • Qnap » Qts » Version: 4.3.4.0411
    cpe:2.3:o:qnap:qts:4.3.4.0411
  • Qnap » Qts » Version: 4.3.4.0416
    cpe:2.3:o:qnap:qts:4.3.4.0416
  • Qnap » Qts » Version: 4.3.4.0427
    cpe:2.3:o:qnap:qts:4.3.4.0427
  • Qnap » Qts » Version: 4.3.4.0434
    cpe:2.3:o:qnap:qts:4.3.4.0434
  • Qnap » Qts » Version: 4.3.4.0435
    cpe:2.3:o:qnap:qts:4.3.4.0435
  • Qnap » Qts » Version: 4.3.4.0451
    cpe:2.3:o:qnap:qts:4.3.4.0451
  • Qnap » Qts » Version: 4.3.4.0483
    cpe:2.3:o:qnap:qts:4.3.4.0483
  • Qnap » Qts » Version: 4.3.4.0486
    cpe:2.3:o:qnap:qts:4.3.4.0486
  • Qnap » Qts » Version: 4.3.4.0506
    cpe:2.3:o:qnap:qts:4.3.4.0506
  • Qnap » Qts » Version: 4.3.4.0516
    cpe:2.3:o:qnap:qts:4.3.4.0516
  • Qnap » Qts » Version: 4.3.4.0526
    cpe:2.3:o:qnap:qts:4.3.4.0526
  • Qnap » Qts » Version: 4.3.4.0551
    cpe:2.3:o:qnap:qts:4.3.4.0551
  • Qnap » Qts » Version: 4.3.4.0557
    cpe:2.3:o:qnap:qts:4.3.4.0557
  • Qnap » Qts » Version: 4.3.4.0561
    cpe:2.3:o:qnap:qts:4.3.4.0561
  • Qnap » Qts » Version: 4.3.4.0569
    cpe:2.3:o:qnap:qts:4.3.4.0569
  • Qnap » Qts » Version: 4.3.4.0593
    cpe:2.3:o:qnap:qts:4.3.4.0593
  • Qnap » Qts » Version: 4.3.4.0597
    cpe:2.3:o:qnap:qts:4.3.4.0597
  • Qnap » Qts » Version: 4.3.4.0604
    cpe:2.3:o:qnap:qts:4.3.4.0604
  • Qnap » Qts » Version: 4.3.4.0899
    cpe:2.3:o:qnap:qts:4.3.4.0899
  • Qnap » Qts » Version: 4.3.4.1029
    cpe:2.3:o:qnap:qts:4.3.4.1029
  • Qnap » Qts » Version: 4.3.4.1082
    cpe:2.3:o:qnap:qts:4.3.4.1082
  • Qnap » Qts » Version: 4.3.4.1190
    cpe:2.3:o:qnap:qts:4.3.4.1190
  • Qnap » Qts » Version: 4.3.4.1282
    cpe:2.3:o:qnap:qts:4.3.4.1282
  • Qnap » Qts » Version: 4.3.4.1368
    cpe:2.3:o:qnap:qts:4.3.4.1368
  • Qnap » Qts » Version: 4.3.4.1417
    cpe:2.3:o:qnap:qts:4.3.4.1417
  • Qnap » Qts » Version: 4.3.4.1463
    cpe:2.3:o:qnap:qts:4.3.4.1463
  • Qnap » Qts » Version: 4.3.5
    cpe:2.3:o:qnap:qts:4.3.5
  • Qnap » Qts » Version: 4.3.6
    cpe:2.3:o:qnap:qts:4.3.6
  • Qnap » Qts » Version: 4.3.6.0895
    cpe:2.3:o:qnap:qts:4.3.6.0895
  • Qnap » Qts » Version: 4.3.6.0907
    cpe:2.3:o:qnap:qts:4.3.6.0907
  • Qnap » Qts » Version: 4.3.6.0923
    cpe:2.3:o:qnap:qts:4.3.6.0923
  • Qnap » Qts » Version: 4.3.6.0944
    cpe:2.3:o:qnap:qts:4.3.6.0944
  • Qnap » Qts » Version: 4.3.6.0959
    cpe:2.3:o:qnap:qts:4.3.6.0959
  • Qnap » Qts » Version: 4.3.6.0979
    cpe:2.3:o:qnap:qts:4.3.6.0979
  • Qnap » Qts » Version: 4.3.6.0993
    cpe:2.3:o:qnap:qts:4.3.6.0993
  • Qnap » Qts » Version: 4.3.6.1013
    cpe:2.3:o:qnap:qts:4.3.6.1013
  • Qnap » Qts » Version: 4.3.6.1033
    cpe:2.3:o:qnap:qts:4.3.6.1033
  • Qnap » Qts » Version: 4.3.6.1070
    cpe:2.3:o:qnap:qts:4.3.6.1070
  • Qnap » Qts » Version: 4.3.6.1154
    cpe:2.3:o:qnap:qts:4.3.6.1154
  • Qnap » Qts » Version: 4.3.6.1218
    cpe:2.3:o:qnap:qts:4.3.6.1218
  • Qnap » Qts » Version: 4.3.6.1263
    cpe:2.3:o:qnap:qts:4.3.6.1263
  • Qnap » Qts » Version: 4.3.6.1286
    cpe:2.3:o:qnap:qts:4.3.6.1286
  • Qnap » Qts » Version: 4.3.6.1333
    cpe:2.3:o:qnap:qts:4.3.6.1333
  • Qnap » Qts » Version: 4.3.6.1411
    cpe:2.3:o:qnap:qts:4.3.6.1411
  • Qnap » Qts » Version: 4.3.6.1446
    cpe:2.3:o:qnap:qts:4.3.6.1446
  • Qnap » Qts » Version: 4.4.0
    cpe:2.3:o:qnap:qts:4.4.0
  • Qnap » Qts » Version: 4.4.0.0883
    cpe:2.3:o:qnap:qts:4.4.0.0883
  • Qnap » Qts » Version: 4.4.0.0931
    cpe:2.3:o:qnap:qts:4.4.0.0931
  • Qnap » Qts » Version: 4.4.0.0979
    cpe:2.3:o:qnap:qts:4.4.0.0979
  • Qnap » Qts » Version: 4.4.1
    cpe:2.3:o:qnap:qts:4.4.1
  • Qnap » Qts » Version: 4.4.1.0948
    cpe:2.3:o:qnap:qts:4.4.1.0948
  • Qnap » Qts » Version: 4.4.1.0949
    cpe:2.3:o:qnap:qts:4.4.1.0949
  • Qnap » Qts » Version: 4.4.1.0978
    cpe:2.3:o:qnap:qts:4.4.1.0978
  • Qnap » Qts » Version: 4.4.1.0998
    cpe:2.3:o:qnap:qts:4.4.1.0998
  • Qnap » Qts » Version: 4.4.1.0999
    cpe:2.3:o:qnap:qts:4.4.1.0999
  • Qnap » Qts » Version: 4.4.1.1031
    cpe:2.3:o:qnap:qts:4.4.1.1031
  • Qnap » Qts » Version: 4.4.1.1033
    cpe:2.3:o:qnap:qts:4.4.1.1033
  • Qnap » Qts » Version: 4.4.1.1064
    cpe:2.3:o:qnap:qts:4.4.1.1064
  • Qnap » Qts » Version: 4.4.1.1081
    cpe:2.3:o:qnap:qts:4.4.1.1081
  • Qnap » Qts » Version: 4.4.1.1086
    cpe:2.3:o:qnap:qts:4.4.1.1086
  • Qnap » Qts » Version: 4.4.1.1101
    cpe:2.3:o:qnap:qts:4.4.1.1101
  • Qnap » Qts » Version: 4.4.1.1117
    cpe:2.3:o:qnap:qts:4.4.1.1117
  • Qnap » Qts » Version: 4.4.1.1146
    cpe:2.3:o:qnap:qts:4.4.1.1146
  • Qnap » Qts » Version: 4.4.1.1201
    cpe:2.3:o:qnap:qts:4.4.1.1201
  • Qnap » Qts » Version: 4.4.1.1216
    cpe:2.3:o:qnap:qts:4.4.1.1216
  • Qnap » Qts » Version: 4.4.1.1261
    cpe:2.3:o:qnap:qts:4.4.1.1261
  • Qnap » Qts » Version: 4.4.2
    cpe:2.3:o:qnap:qts:4.4.2
  • Qnap » Qts » Version: 4.4.2.1231
    cpe:2.3:o:qnap:qts:4.4.2.1231
  • Qnap » Qts » Version: 4.4.2.1270
    cpe:2.3:o:qnap:qts:4.4.2.1270
  • Qnap » Qts » Version: 4.4.3
    cpe:2.3:o:qnap:qts:4.4.3
  • Qnap » Qts » Version: 4.4.3.1354
    cpe:2.3:o:qnap:qts:4.4.3.1354
  • Qnap » Qts » Version: 4.4.3.1381
    cpe:2.3:o:qnap:qts:4.4.3.1381
  • Qnap » Qts » Version: 4.4.3.1400
    cpe:2.3:o:qnap:qts:4.4.3.1400
  • Qnap » Qts » Version: 4.4.3.1421
    cpe:2.3:o:qnap:qts:4.4.3.1421
  • Qnap » Qts » Version: 4.4.3.1439
    cpe:2.3:o:qnap:qts:4.4.3.1439
  • Qnap » Qts » Version: 4.4.3.1444
    cpe:2.3:o:qnap:qts:4.4.3.1444
  • Qnap » Qts » Version: 4.5.1
    cpe:2.3:o:qnap:qts:4.5.1
  • Qnap » Qts » Version: 4.5.1.1456
    cpe:2.3:o:qnap:qts:4.5.1.1456
  • Qnap » Qts » Version: 4.5.1.1461
    cpe:2.3:o:qnap:qts:4.5.1.1461
  • Qnap » Qts » Version: 4.5.1.1465
    cpe:2.3:o:qnap:qts:4.5.1.1465
  • Qnap » Qts » Version: 4.5.1.1480
    cpe:2.3:o:qnap:qts:4.5.1.1480
  • Qnap » Qts » Version: 4.5.2
    cpe:2.3:o:qnap:qts:4.5.2
  • Qnap » Quts Hero » Version: N/A
    cpe:2.3:o:qnap:quts_hero:-
  • Qnap » Quts Hero » Version: 4.5.4.2374
    cpe:2.3:o:qnap:quts_hero:4.5.4.2374
  • Qnap » Quts Hero » Version: 5.0.1.2376
    cpe:2.3:o:qnap:quts_hero:5.0.1.2376
  • Qnap » Quts Hero » Version: h4.5.0
    cpe:2.3:o:qnap:quts_hero:h4.5.0
  • Qnap » Quts Hero » Version: h4.5.0.1279
    cpe:2.3:o:qnap:quts_hero:h4.5.0.1279
  • Qnap » Quts Hero » Version: h4.5.0.1308
    cpe:2.3:o:qnap:quts_hero:h4.5.0.1308
  • Qnap » Quts Hero » Version: h4.5.0.1352
    cpe:2.3:o:qnap:quts_hero:h4.5.0.1352
  • Qnap » Quts Hero » Version: h4.5.0.1409
    cpe:2.3:o:qnap:quts_hero:h4.5.0.1409
  • Qnap » Quts Hero » Version: h4.5.1
    cpe:2.3:o:qnap:quts_hero:h4.5.1
  • Qnap » Quts Hero » Version: h4.5.1.1472
    cpe:2.3:o:qnap:quts_hero:h4.5.1.1472


Products
Pricing
Contact Us

Shodan ® - All rights reserved