Security News > 2021 > September > QNAP fixes critical bugs in QVR video surveillance solution
Network-attached storage maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands.
QNAP promotes its QVR software as a professional solution that allows real-time video monitoring, recording, playback, and alarm notifications when coupled with supported IP cameras.
QNAP announced today that it fixed three command injection vulnerabilities in the QVR software for managing video surveillance, two of them receiving a critical severity score of 9.8 out of 10.
Apart from these two security issues, QNAP fixed another one tracked as CVE-2021-34349.
QNAP notes that the two critical vulnerabilities affect certain products running QVR that have reached end of life.
"Two command injection vulnerabilities have been reported to affect certain QNAP EOL devices running QVR. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands" - QNAP. It is unclear if any of the bugs are being exploited been exploited.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-34349 | Command Injection vulnerability in Qnap QVR A command injection vulnerability has been reported to affect QNAP device running QVR. | 7.2 |