Rewterz Threat Advisory – CVE-2021-28800- Command Injection Vulnerability in QTS

Rewterz Threat Alert – Lokibot Malware – Active IOCs

June 24, 2021

Rewterz Threat Alert – DanaBot Trojan – Active IOCs

June 24, 2021

Rewterz Threat Advisory – CVE-2021-28800- Command Injection Vulnerability in QTS

Severity

High

Analysis Summary

CVE-2021-28800

A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.

Impact

Command Injection
Unauthorized Access

Affected Vendors

QNAP

Affected Products

Certain QNAP NAS

Remediation

Log on to QTS or QuTS hero as administrator.
Go to Control Panel > System > Firmware Update.
Under Live Update, click Check for Update.
QTS or QuTS hero downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Rewterz Annual Threat Intelligence Report 2025 - Download Now

Rewterz Threat Alert – Lokibot Malware – Active IOCs

Rewterz Threat Alert – DanaBot Trojan – Active IOCs

Rewterz Threat Advisory – CVE-2021-28800- Command Injection Vulnerability in QTS

Severity

Analysis Summary

CVE-2021-28800

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan