CVE-2021-32533
QSAN SANOS - Command Injection
In short
The QSAN SANOS settings page fails to filter user input, allowing attackers to inject and run arbitrary commands on the system. This is critical because it gives complete control of the device to unauthorized users.
Technical detail
CWE-78 command injection through unfiltered parameters in the SANOS settings interface allows unauthenticated remote code execution with no special privileges required (CVSS 9.8). Insufficient input validation in the web administration panel leads to system-level command execution.
Summary generated and translated by AI from the official description.
The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
QSAN · SANOS