CVE-2021-32531
QSAN XEVO - Command Injection Following via Init function
In short
A vulnerability in QSAN XEVO allows attackers to run any command on the system through the Init function without needing special permissions. This is critical because it gives complete control of the device to unauthorized users.
Technical detail
Remote command injection in the Init function of QSAN XEVO (CWE-78) permits unauthenticated attackers to execute arbitrary OS commands with system privileges. The vulnerability requires network access to the affected function but no authentication; exploitation results in complete system compromise. Fixed in version 2.1.0.
Summary generated and translated by AI from the official description.
OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
QSAN · XEVO