Lucene search

QnapCVELIST:CVE-2021-38686

HistoryNov 26, 2021 - 2:00 p.m.

CVE-2021-38686 Improper Authentication Vulnerability in VioStor

2021-11-2614:00:14

CWE-287

qnap

www.cve.org

cve-2021-38686

improper authentication

qnap viostor

qvr fw 5.1.6

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later

CNA Affected

[
  {
    "product": "QVR",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "QVR FW 5.1.6 build 20211109",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-52

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVELIST:CVE-2021-38686