Known Vulnerabilities for products from Qsan
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Qsan".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-37216 json | QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript withou... | 6.1 - MEDIUM | 2021-08-02 | 2021-08-10 |
| CVE-2021-32535 json | The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administr... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32534 json | QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject a... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32533 json | The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and exe... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32532 json | Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files w... | 7.5 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32531 json | OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands withou... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-22 |
| CVE-2021-32530 json | OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrar... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32529 json | Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Su... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32528 json | Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system informat... | 5.3 - MEDIUM | 2021-07-07 | 2023-06-26 |
| CVE-2021-32527 json | Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru... | 7.5 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32526 json | Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attac... | 6.5 - MEDIUM | 2021-07-07 | 2021-09-20 |
| CVE-2021-32525 json | The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interfac... | 7.2 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32524 json | Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest... | 7.2 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32523 json | Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and ... | 7.2 - HIGH | 2021-07-07 | 2022-08-04 |
| CVE-2021-32522 json | Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote at... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32521 json | Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privi... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-21 |
| CVE-2021-32520 json | Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-21 |
| CVE-2021-32519 json | Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote ... | 7.5 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32518 json | A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary... | 7.5 - HIGH | 2021-07-07 | 2022-07-02 |
| CVE-2021-32517 json | Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary fil... | 7.5 - HIGH | 2021-07-07 | 2022-08-04 |