Multiple Vulnerabilities in QuNetSwitch (ADRA NDR)

Summary

Multiple vulnerabilities have been reported to affect QuNetSwitch.

• CVE-2026-22897: Remote attackers can exploit the command injection vulnerability to execute arbitrary commands.
• CVE-2026-22900: Remote attackers can exploit the use of hard-coded credentials vulnerability to gain unauthorized access.
• CVE-2026-22901: If a remote attacker gains a user account, they can then exploit the command injection vulnerability to execute arbitrary commands.
• CVE-2026-22902: If a local attacker gains an administrator account, they can then exploit the command injection vulnerability to execute arbitrary commands.

We have already fixed these vulnerabilities in the following versions:

Recommendation

For optimal security and performance, we recommend regularly updating QuNetSwitch to the latest version, ensuring you receive all vulnerability fixes and new features. You can view the product support status to check for the latest updates available for your model.

Updating QuNetSwitch

1. Log on to QTS or QuTS hero as an administrator.
2. Open App Center and then click .
   A search box appears.
3. Type "QuNetSwitch" and then press ENTER.
   QuNetSwitch appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if your QuNetSwitch is already up to date.
5. Click OK.
   The system updates the application.

Updating ADRA NDR

1. Log in to ADRA NDR.
2. Go to Firmware.
3. Select Update now.
4. Select Latest.
5. Click Apply.
   A confirmation message appears.
6. Click Apply.
   ADRA NDR downloads and installs the latest firmware.

Tip: You can also download the latest firmware for your specific device from Download Center, and then perform a manual update in ADRA NDR by going to Firmware > Manual Update.