CVE-2020-36198 MEDIUM

CVE-2020-36198: Command Injection Vulnerability in Malware Remover

Vendor Qnap Systems Inc.
Product Malware Remover
Weakness CWE-77
Published May 13, 2021
Last update September 17, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x.

Key dates

02Disclosure timeline

May 13, 2021 CVE published
September 17, 2024 Record updated