Lucene search

QnapCVELIST:CVE-2021-34346

HistorySep 10, 2021 - 4:00 a.m.

CVE-2021-34346 Stack Based Overflow Vulnerability in NVR Storage Expansion

2021-09-1004:00:27

CWE-787

qnap

www.cve.org

cve-2021-34346

stack based overflow

nvr storage expansion

qnap device

arbitrary code

fixed vulnerability

version 1.0.6

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

72.0%

JSON

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later

CNA Affected

[
  {
    "product": "NVR Storage Expansion",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "1.0.6 ( 2021/08/03 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-36

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

72.0%

JSON

Related for CVELIST:CVE-2021-34346