CVE-2021-32530 CRITICAL

CVE-2021-32530: QSAN XEVO - Command Injection Following via Array function

Vendor Qsan

Product XEVO

Weakness CWE-78

Published July 7, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.

Key dates

02Disclosure timeline

July 7, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-32530 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2021-32530: QSAN XEVO - Command Injection Following via Array function

01Description

02Disclosure timeline

03References

04Related CVE