Search criteria
1 vulnerability by roonlabs
CVE-2021-28811 (GCVE-0-2021-28811)
Vulnerability from cvelistv5 – Published: 2021-06-08 03:00 – Updated: 2024-09-16 22:15
VLAI
Title
Vulnerability in Roon Server
Summary
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later
Severity
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/zh-tw/security-advisory/qsa-21-17 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Roon Labs | Roon Server |
Affected:
unspecified , < 2021-05-18
(custom)
|
Date Public
2021-06-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Roon Server",
"vendor": "Roon Labs",
"versions": [
{
"lessThan": "2021-05-18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"datePublic": "2021-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T03:00:13.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"solutions": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
},
"title": "Vulnerability in Roon Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-08T01:19:00.000Z",
"ID": "CVE-2021-28811",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in Roon Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Roon Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021-05-18"
}
]
}
}
]
},
"vendor_name": "Roon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
]
},
"solution": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28811",
"datePublished": "2021-06-08T03:00:13.487Z",
"dateReserved": "2021-03-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:15:50.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}