Known Vulnerabilities for products from Qsan
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Qsan".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-37216 | QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript withou... | 6.1 - MEDIUM | 2021-08-02 | 2021-08-10 |
| CVE-2021-32535 | The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administr... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32534 | QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject a... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32533 | The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and exe... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32532 | Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files w... | 7.5 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32531 | OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands withou... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-22 |
| CVE-2021-32530 | OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrar... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32529 | Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Su... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32528 | Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system informat... | 5.3 - MEDIUM | 2021-07-07 | 2023-06-26 |
| CVE-2021-32527 | Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru... | 7.5 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32526 | Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attac... | 6.5 - MEDIUM | 2021-07-07 | 2021-09-20 |
| CVE-2021-32525 | The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interfac... | 7.2 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32524 | Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest... | 7.2 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32523 | Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and ... | 7.2 - HIGH | 2021-07-07 | 2022-08-04 |
| CVE-2021-32522 | Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote at... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-20 |
| CVE-2021-32521 | Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privi... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-21 |
| CVE-2021-32520 | Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and... | 9.8 - CRITICAL | 2021-07-07 | 2021-09-21 |
| CVE-2021-32519 | Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote ... | 7.5 - HIGH | 2021-07-07 | 2021-09-20 |
| CVE-2021-32518 | A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary... | 7.5 - HIGH | 2021-07-07 | 2022-07-02 |
| CVE-2021-32517 | Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary fil... | 7.5 - HIGH | 2021-07-07 | 2022-08-04 |