Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveQnapCVE-2021-28798
HistoryMay 21, 2021 - 3:15 a.m.

CVE-2021-28798

2021-05-2103:15:09
CWE-284
CWE-23
CWE-22
qnap
web.nvd.nist.gov
50
10
cve-2021-28798
path traversal
qnap nas
qts
quts hero
security
vulnerability
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

40.6%

JSON

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS 4.3.3.1624 Build 20210416 and later QuTS hero h4.5.2.1638 Build 20210414 and later QNAP NAS running QTS 4.5.3 are not affected.

Affected configurations

Nvd
Node
qnapqtsRange4.3.2.01444.3.3.1624
OR
qnapqtsRange4.3.4.00004.3.6.1663
OR
qnapqtsRange4.4.00004.5.2.1630
OR
qnapquts_heroRange<h4.5.2.1638
VendorProductVersionCPE
qnapqts*cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
qnapquts_hero*cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.2.1630 Build 20210406",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.6.1663 Build 20210504",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.3.1624 Build 20210416",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "4.5.3"
      }
    ]
  },
  {
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.2.1638 Build 20210414",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
openvas 1
nvd 1
prion 1
cvelist
cvelist
CVE-2021-28798 Relative Path Traversal Vulnerability in QTS and QuTS hero
2021-05-21 03:00:11
openvas
openvas
QNAP QTS Directory Traversal Vulnerability (QSA-21-14)
2021-05-26 00:00:00
nvd
nvd
CVE-2021-28798
2021-05-21 03:15:09
prion
prion
Path traversal
2021-05-21 03:15:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

40.6%

JSON
Related for CVE-2021-28798
cvelist1openvas1nvd1prion1