CVE-2020-2507
CRITICAL EXPLOITEDQNAP Helpdesk < 3.0.3 - Remote Command Injection
Title source: llmExploitation Summary
CVE-2020-2507 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
Scores
CVSS v3
9.8
EPSS
0.0462
EPSS Percentile
89.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2021-03-05
CWE
CWE-78
CWE-77
Status
published
Products (1)
qnap/helpdesk
< 3.0.3
Published
Feb 03, 2021
Tracked Since
Feb 18, 2026