Test ID:	1.3.6.1.4.1.25623.1.0.170126
Category:	General
Title:	QNAP QuTS hero Multiple Vulnerabilities (QSA-22-16)
Summary:	QNAP QuTS hero is prone to multiple vulnerabilities.
Description:	Summary: QNAP QuTS hero is prone to multiple vulnerabilities. Vulnerability Insight: Multiple vulnerabilities have been reported to affect QuTS hero: - CVE-2021-44051: Command injection vulnerability - CVE-2021-44052: Improper link resolution before file access ('link following') vulnerability - CVE-2021-44053: Cross-site scripting (XSS) vulnerability - CVE-2021-44054: Open redirect vulnerability Vulnerability Impact: CVE-2021-44051: If exploited, this vulnerability allows remote attackers to run arbitrary commands. CVE-2021-44052: If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite files. CVE-2021-44053: If exploited, this vulnerability allows remote attackers to inject malicious code. CVE-2021-44054: If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. Affected Software/OS: QNAP QuTS hero version h4.x prior to h4.5.4 build 20220310 and h5.0.0 prior to h5.0.0 build 20220324. Solution: Update to version QuTS hero h4.5.4.1971 build 20220310, h5.0.0.1986 build 20220324 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-44051 https://www.qnap.com/en/security-advisory/qsa-22-16 Common Vulnerability Exposure (CVE) ID: CVE-2021-44052 Common Vulnerability Exposure (CVE) ID: CVE-2021-44053 Common Vulnerability Exposure (CVE) ID: CVE-2021-44054
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.