Qsan Storage Manager
23 CVEs affecting Qsan Storage Manager. Latest disclosed: 2021-07-07. Critical: 8, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-32522 | Critical | 9.8 | 2021-07-07 | Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credent… |
| CVE-2021-32520 | Critical | 9.8 | 2021-07-07 | Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contac… |
| CVE-2021-32519 | Critical | 9.8 | 2021-07-07 | Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-tex… |
| CVE-2021-32513 | Critical | 9.8 | 2021-07-07 | QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary co… |
| CVE-2021-32512 | Critical | 9.8 | 2021-07-07 | QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary c… |
| CVE-2021-32525 | Critical | 9.1 | 2021-07-07 | The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credent… |
| CVE-2021-32524 | Critical | 9.1 | 2021-07-07 | Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to… |
| CVE-2021-32523 | Critical | 9.1 | 2021-07-07 | Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Sugges… |
| CVE-2021-32527 | High | 7.5 | 2021-07-07 | Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download f… |
| CVE-2021-32518 | High | 7.5 | 2021-07-07 | A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability… |
| CVE-2021-32517 | High | 7.5 | 2021-07-07 | Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in d… |
| CVE-2021-32516 | High | 7.5 | 2021-07-07 | Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been sol… |
| CVE-2021-32514 | High | 7.5 | 2021-07-07 | Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vul… |
| CVE-2021-32521 | High | 7.3 | 2021-07-07 | Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSA… |
| CVE-2021-32526 | Medium | 6.5 | 2021-07-07 | Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password… |
| CVE-2021-32509 | Medium | 6.5 | 2021-07-07 | Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symb… |
| CVE-2021-32508 | Medium | 6.5 | 2021-07-07 | Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Sy… |
| CVE-2021-32507 | Medium | 6.5 | 2021-07-07 | Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path p… |
| CVE-2021-32506 | Medium | 6.5 | 2021-07-07 | Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path param… |
| CVE-2021-32528 | Medium | 5.3 | 2021-07-07 | Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions. Suggest c… |