Back to KEVs

CVE-2020-2507

command injection vulnerability in Helpdesk

Basic Information

CVE State
PUBLISHED
Reserved Date
December 09, 2019
Published Date
February 03, 2021
Last Updated
September 16, 2024
Vendor
QNAP Systems Inc.
Product
Helpdesk
Description
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score
1.62% (Percentile: 80.98%) as of 2025-06-14

Exploit Status

Exploited in the Wild
Yes (2025-05-17 00:00:00 UTC) Source

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-05-17 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel