CVE-2021-32524

Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands.

Source: CVE-2021-32524

CVE-2021-32525

The same hard-coded password in QSAN Storage Manager’s in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions.

Source: CVE-2021-32525

CVE-2021-32526

Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files.

Source: CVE-2021-32526

CVE-2021-32527

Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function.

Source: CVE-2021-32527

CVE-2021-32528

Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions.

Source: CVE-2021-32528

CVE-2021-32529

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands.

Source: CVE-2021-32529

CVE-2021-32510

QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter.

Source: CVE-2021-32510

CVE-2021-32515

Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information.

Source: CVE-2021-32515

CVE-2021-32516

Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files.

Source: CVE-2021-32516

CVE-2021-32513

QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands.

Source: CVE-2021-32513