Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-38693
HistoryMay 06, 2022 - 12:00 a.m.

CVE-2021-38693

2022-05-0600:00:00
CWE-22
[email protected]
web.nvd.nist.gov
59
4
cve-2021-38693
qnap
qutscloud
quts hero
qts
qvr pro appliance
path traversal
vulnerability
security fix
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.7%

JSON

A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later

Affected configurations

NVD
Node
qnapqtsRange<4.5.4.1991
OR
qnapqtsRange5.0.0.17165.0.0.1986
OR
qnapquts_heroRangeh5.0.0.1772h5.0.0.1949
OR
qnapqutscloudRange<c5.0.1.1949

CNA Affected

[
  {
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.0.1.1949",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.0.0.1949 build 20220215",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "h4.5.4.1951 build 20220218",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.0.0.1986 build 20220324",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.4.1991 build 20220329",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

openvas 3
prion 1
cvelist 1
nvd 1
thn 1
openvas
openvas
QNAP QTS Path Traversal Vulnerability (QSA-22-13)
2022-05-09 00:00:00
QNAP QuTS hero Path Traversal Vulnerability (QSA-22-13)
2022-05-30 00:00:00
QNAP QuTScloud Path Traversal Vulnerability (QSA-22-13)
2022-05-30 00:00:00
prion
prion
Path traversal
2022-05-05 17:15:00
cvelist
cvelist
CVE-2021-38693 Path Traversal in thttpd
2022-05-06 00:00:00
nvd
nvd
CVE-2021-38693
2022-05-05 17:15:09
thn
thn
QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices
2022-05-07 03:20:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.7%

JSON
Related for CVE-2021-38693
openvas3prion1cvelist1nvd1thn1