Lucene search

QnapCVELIST:CVE-2021-38682

HistoryJan 13, 2022 - 12:00 a.m.

CVE-2021-38682 Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard

2022-01-1300:00:00

CWE-120

qnap

www.cve.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later

CNA Affected

[
  {
    "platforms": [
      "QuTS hero h5.0.0"
    ],
    "product": "QVR Elite",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.4.0 (2021/12/06)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QuTS hero h4.5.4"
    ],
    "product": "QVR Elite",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.4.0 (2021/12/06)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 5.0.0"
    ],
    "product": "QVR Elite",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.4.0 (2021/12/06)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.5.4"
    ],
    "product": "QVR Elite",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.4.0 (2021/12/06)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.5.4"
    ],
    "product": "QVR Pro",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.3.0 (2021/12/06)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 5.0.0"
    ],
    "product": "QVR Pro",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.3.0 (2021/12/06)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.5.4"
    ],
    "product": "QVR Guard",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 5.0.0"
    ],
    "product": "QVR Guard",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-59

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

Related for CVELIST:CVE-2021-38682