CVE-2021-32534
CRITICAL
QSAN SANOS < 2.1.0 - Unauthenticated OS Command Injection via Factory Reset Function
Title source: llm
Description
The QSAN SANOS factory reset function does not filter special parameters. Remote attackers can exploit this vulnerability to inject and execute arbitrary commands without permissions. The vulnerability is resolved in QSAN SANOS v2.1.0.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4891-94707-1.html
Scores
CVSS v3: 9.8
EPSS: 0.0192
EPSS Percentile: 77.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (1): qsan/sanos < 2.1.0
Published: Jul 07, 2021
Tracked Since: Feb 18, 2026