CNNVD-202512-3113 Information
CNNVD ID
CNNVD-202512-3113
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
QNAP Systems Hero和QNAP Systems QTS都是中国威联通科技(QNAP Systems)公司的产品。QNAP Systems Hero是一款用于管理文件的NAS操作系统。该系统保留了QTS的应用生态,整合更强大的128位ZFS文件系统,为企业提供更稳定可靠的NAS存储解决方案。QNAP Systems QTS是一个具有数据存储与管理功能的软件。 QNAP Systems Hero和QNAP Systems QTS存在参数注入漏洞,该漏洞源于命令参数分隔符中和不当,可能导致执行逻辑被篡改。
Description (English)
QNAP Systems Hero and QNAP Systems QTS are products of QNAP Systems. QNAP Systems Hero is a NAS operating system for managing documents. The system retains the application ecology of QTS, integrates a stronger 128-bit ZFS file system and provides enterprises with more stable and reliable NAS storage solutions. QNAP Systems QTS is a software with data storage and management functions. QNAP Systems Hero and QNAP Systems QTS have a gap in the parameters, which stems from the misalignment of the command parameter separator and may lead to a distortion of the execution logic.
Hazard Level
High
Vulnerability Type
参数注入
Affected Vendor
威联通科技
Published
2025-12-16
Last Modified
2026-02-24
References
https://www.qnap.com/en/security-advisory/qsa-25-45
Patch
https://www.qnap.com/en/security-advisory/qsa-25-45
Share on: