RCE in QNAP QTS
CVE-2017-7876
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.067 (91.4th percentile).
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- QNAP QTS
Frequently asked questions
- What is CVE-2017-7876?
- CVE-2017-7876 is a critical-severity vulnerability in QNAP QTS, classified under Command Injection. CVSS score: 10.0/10. Published 2017-06-15.
- How severe is CVE-2017-7876?
- Critical severity. CVSS v3 base score is 10.0 out of 10.