Primary

Context

QNAP QuNetSwitch Command Injection Vulnerability

Vulnerability

Patched

A command injection vulnerability exists in QuNetSwitch versions 2.0.x. If a remote attacker gains access to a user account, they can exploit this vulnerability to execute arbitrary commands. This issue has been resolved in QuNetSwitch versions 2.0.4.0415 and 2.0.5.0906.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected system.

Remediation

Users can update QuNetSwitch through the QTS or QuTS hero App Center. For ADRA NDR users, the latest firmware can be downloaded from the QNAP Download Center or via the application's firmware update feature.

Added: Mar 20, 2026, 5:19 PM

Updated: Mar 20, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP QuNetSwitch Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

QNAP QuNetSwitch

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating