Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-44052
HistoryMay 05, 2022 - 5:15 p.m.

CVE-2021-44052

2022-05-0517:15:10
CWE-59
[email protected]
web.nvd.nist.gov
1

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

47.3%

JSON

An improper link resolution before file access (‘Link Following’) vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later

Affected configurations

NVD
Node
qnapqtsRange5.0.0.17165.0.0.1986
OR
qnapqtsRange4.3.3.01744.3.3.1945
OR
qnapqtsRange4.3.4.08994.3.4.1976
OR
qnapqtsRange4.3.6.08954.3.6.1965
OR
qnapqtsRange4.4.0.08834.5.4.1991
OR
qnapqtsMatch4.2.6build_20170517
OR
qnapqtsMatch4.2.6build_20190322
OR
qnapqtsMatch4.2.6build_20190730
OR
qnapqtsMatch4.2.6build_20190921
OR
qnapqtsMatch4.2.6build_20191107
OR
qnapqtsMatch4.2.6build_20200109
OR
qnapqtsMatch4.2.6build_20200421
OR
qnapqtsMatch4.2.6build_20200611
OR
qnapqtsMatch4.2.6build_20200821
OR
qnapqtsMatch4.2.6build_20210327
OR
qnapqtsMatch4.2.6build_20211215
OR
qnapquts_heroRange<h4.5.4.1771
OR
qnapquts_heroRangeh5.0.0.1772h5.0.0.1986
OR
qnapqutscloudRange<c5.0.1.1998

Related

cvelist 1
cve 1
prion 1
openvas 3
thn 1
cvelist
cvelist
CVE-2021-44052 Arbitrary file read
2022-05-06 00:00:00
cve
cve
CVE-2021-44052
2022-05-06 00:00:00
prion
prion
Design/Logic Flaw
2022-05-05 17:15:00
openvas
openvas
QNAP QuTS hero Multiple Vulnerabilities (QSA-22-16)
2022-05-30 00:00:00
QNAP QTS Multiple Vulnerabilities (QSA-22-16)
2022-05-06 00:00:00
QNAP QuTScloud Multiple Vulnerabilities (QSA-22-16)
2022-05-30 00:00:00
thn
thn
QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices
2022-05-07 03:20:00

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

47.3%

JSON
Related for NVD:CVE-2021-44052
cvelist1cve1prion1openvas3thn1