RCE in Qsan Xevo
CVE-2021-32531
OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.014 (81.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Qsan Xevo — versions unspecified
Weakness classification (CWE)
References
- www.twcert.org.tw/tw/cp-132-4887-ee5e3-1.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-32531?
- CVE-2021-32531 is a critical-severity vulnerability in Qsan Xevo, classified under OS Command Injection. CVSS score: 9.8/10. Published 2021-07-07.
- How severe is CVE-2021-32531?
- Critical severity. CVSS v3 base score is 9.8 out of 10.