EUVD-2021-25121

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Buffer overflow vulnerability in QNAP QVR software allows code execution; fixed in recent versions.

Reporter	Title	Published	Views	Family All 7
BDU FSTEC	The vulnerability of the QNAP QVR Elite, QVR Pro, and the QVR Guard application for managing emergency switching in video surveillance systems lies in the recording of data beyond the buffer in memory, allowing an intruder to execute arbitrary code.	20 Oct 202200:00	–	bdu_fstec
CNNVD	Qnap Qvr缓冲区错误漏洞	13 Jan 202200:00	–	cnnvd
CNVD	Qnap Qvr has an unspecified vulnerability	18 Jan 202200:00	–	cnvd
CVE	CVE-2021-38682	14 Jan 202201:00	–	cve
Cvelist	CVE-2021-38682 Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard	14 Jan 202201:00	–	cvelist
NVD	CVE-2021-38682	14 Jan 202201:15	–	nvd
Prion	Stack overflow	14 Jan 202201:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "9f8174b6-f751-353e-835c-a9030753a2de",
        "vendor": {
          "name": "QNAP Systems Inc."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "4bbb920a-1b45-3e9d-97ef-c648ade580ee",
        "product": {
          "name": "QVR Elite"
        },
        "product_version": "unspecified <2.1.4.0 (2021/12/06)"
      },
      {
        "id": "be88d6b3-5a62-3cc2-9fd8-cff9a5f4f2d9",
        "product": {
          "name": "QVR Pro"
        },
        "product_version": "unspecified <2.1.3.0 (2021/12/06)"
      },
      {
        "id": "c787ff87-9a1b-3b00-8a70-25faa36402cf",
        "product": {
          "name": "QVR Guard"
        },
        "product_version": "unspecified <2.1.3.0"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-21-59
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9.4High risk

Vulners AI Score9.4

CVSS 3.18.1 - 9.8

CVSS 27.5

EPSS0.01214