CVE-2021-38687

🗓️ 29 Dec 2021 13:05:14Reported by qnapType

Stack buffer overflow vulnerability in QNAP NAS Surveillance Station. Fixed in QTS 5.0.0 (64 bit), Surveillance Station 5.2.0.4.2 (2021/10/26) and later versions

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Surveillance Station application for operating systems QTS and network storage devices QNAP, related to the operation’s out-of-buffer behavior in memory, allows a intruder to execute arbitrary code.	25 Jan 202200:00	–	bdu_fstec
Circl	CVE-2021-38687	29 Dec 202116:25	–	circl
CNNVD	QNAP NAS 缓冲区错误漏洞	9 Dec 202100:00	–	cnnvd
CNVD	QNAP NAS Buffer Overflow Vulnerability	30 Dec 202100:00	–	cnvd
Cvelist	CVE-2021-38687 Stack Overflow Vulnerability in Surveillance Station	29 Dec 202113:05	–	cvelist
EUVD	EUVD-2021-25126	7 Oct 202500:30	–	euvd
NVD	CVE-2021-38687	29 Dec 202113:15	–	nvd
OpenVAS	QNAP QTS Surveillance Station Buffer Overflow Vulnerability (QSA-21-46)	11 Jan 202200:00	–	openvas
OSV	CVE-2021-38687	29 Dec 202113:15	–	osv
Prion	Stack overflow	29 Dec 202113:15	–	prion

NVD

Node

qnap surveillance_stationRange<5.2.0.4.2

AND

qnap qtsMatch5.0.0x64

Node

qnap surveillance_stationRange<5.2.0.3.2

AND

qnap qtsMatch5.0.0x86

Node

qnap surveillance_stationRange<5.1.5.4.6

AND

qnap qtsMatch4.3.6x64

Node

qnap surveillance_stationRange<5.1.5.3.6

AND

qnap qtsMatch4.3.6x86

Node

qnap surveillance_stationRange<5.1.5.3.6

AND

qnap qtsMatch4.3.3

[
  {
    "platforms": [
      "QTS 5.0 (64 bit)"
    ],
    "product": "Surveillance Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.2.0.4.2 ( 2021/10/26 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 5.0 (32 bit)"
    ],
    "product": "Surveillance Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.2.0.3.2 ( 2021/10/26 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.6 (64 bit)"
    ],
    "product": "Surveillance Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.5.4.6 ( 2021/10/26 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.6 (32 bit)"
    ],
    "product": "Surveillance Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.5.3.6 ( 2021/10/26 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.3"
    ],
    "product": "Surveillance Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.5.3.6 ( 2021/10/26 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-21-46

21 Nov 2024 06:17Current

9.4High risk

Vulners AI Score9.4

CVSS 27.5

CVSS 3.18.1 - 9.8

EPSS0.00814

CWE-120