Lucene search

QnapCVELIST:CVE-2021-44055

HistoryMay 06, 2022 - 12:00 a.m.

CVE-2021-44055 Information leakage in Video Station

2022-05-0600:00:00

CWE-862

qnap

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later

CNA Affected

[
  {
    "product": "Video Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.5.9 ( 2022/02/16 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-22-14

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVELIST:CVE-2021-44055