{"api_version":"1","generated_at":"2026-04-24T05:05:59+00:00","cve":"CVE-2021-32535","urls":{"html":"https://cve.report/CVE-2021-32535","api":"https://cve.report/api/cve/CVE-2021-32535.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-32535","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-32535"},"summary":{"title":"CVE-2021-32535","description":"The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.","state":"PUBLIC","assigner":"cve@cert.org.tw","published_at":"2021-07-07 14:15:00","updated_at":"2021-09-20 12:37:00"},"problem_types":["CWE-798"],"metrics":[],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html","name":"N/A","refsource":"CONFIRM","tags":[],"title":"TWCERT/CC台灣電腦網路危機處理暨協調中心-QSAN SANOS - Use of Hard-coded Credentials","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-32535","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32535","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"32535","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qsan","cpe5":"sanos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"32535","vulnerable":"1","versionEndIncluding":"2.0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qsan","cpe5":"sanos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"AKA":"TWCERT/CC","ASSIGNER":"cve@cert.org.tw","DATE_PUBLIC":"2021-07-07T12:12:00.000Z","ID":"CVE-2021-32535","STATE":"PUBLIC","TITLE":"QSAN SANOS - Use of Hard-coded Credentials"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"SANOS","version":{"version_data":[{"version_affected":"<=","version_value":"2.0.0"}]}}]},"vendor_name":"QSAN"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-798 Use of Hard-coded Credentials"}]}]},"references":{"reference_data":[{"name":"https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html","refsource":"MISC","url":"https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html"}]},"solution":[{"lang":"eng","value":"QSAN SANOS v2.0.1"}],"source":{"advisory":"TVN-202104046","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-07-07 14:15:00","lastModifiedDate":"2021-09-20 12:37:00","problem_types":["CWE-798"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qsan:sanos:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"32535","Ordinal":"207920","Title":"CVE-2021-32535","CVE":"CVE-2021-32535","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"32535","Ordinal":"1","NoteData":"The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"32535","Ordinal":"2","NoteData":"2021-07-07","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"32535","Ordinal":"3","NoteData":"2021-07-22","Type":"Other","Title":"Modified"}]}}}