CVE-2021-32535

QSAN SANOS - Use of Hard-coded Credentials

CVSS 9.8 CRITICAL · EPSS 1.4% · CWE-798
In short

QSAN SANOS storage systems contain hard-coded default administrator credentials that cannot be changed, allowing anyone on the network to log in with full admin access and take complete control of the system.

Technical detail

Hard-coded default credentials (CWE-798) in QSAN SANOS let unauthenticated remote attackers obtain administrative privileges and execute arbitrary administrative functions. Versions prior to v2.1.0 are affected, and there are no pre-conditions beyond network access.

Summary generated and translated by AI from the official description.
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
QSAN · SANOS
