CVE-2018-0714

CRITICAL

QNAP Helpdesk < 1.1.21 - Remote Command Injection

Title source: llm

Description

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qnap.com/zh-tw/security-advisory/nas-201808-13

Scores

CVSS v3 9.8

EPSS 0.0573

EPSS Percentile 90.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

qnap/helpdesk < 1.1.21

Published Aug 13, 2018

Tracked Since Feb 18, 2026