安全ID : QSA-21-16
Command Injection Vulnerability in Malware Remover
发布日期 : May 13, 2021
通用漏洞披露 : CVE-2020-36198
受影响产品: QNAP NAS running Malware Remover 4.x
严重程度
Moderate
状态
已解决
Summary
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands.
We have already fixed the issue in the following versions:
- QTS 4.4.x: Malware Remover 4.6.1.0 and later
QNAP NAS running Malware Remover 3.x are not affected.
Recommendation
To fix the vulnerability, we recommend updating Malware Remover to the latest version.
Updating Malware Remover
- Log on to QTS as administrator.
- Open the App Center and then click
.
A search box appears. - Type “Malware Remover” and then press ENTER.
Malware Remover appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Malware Remover is already up to date. - Click OK.
The application is updated.
致谢: Trend Micro ZDI - ZDI-CAN-12891
修订历史: V1.0 (May 13, 2021) - Published
