Search criteria
3 vulnerabilities found for roon_server by qnap
FKIE_CVE-2021-28810
Vulnerability from fkie_nvd - Published: 2021-06-08 03:15 - Updated: 2024-11-21 06:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | roon_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:roon_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "113C4FF8-2D0E-4A53-A681-15491D2089DB",
"versionEndExcluding": "2021-05-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
},
{
"lang": "es",
"value": "Si se explota, esta vulnerabilidad permite a un atacante acceder a recursos que no son accesibles de otro modo sin una autenticaci\u00f3n adecuada. Roon Labs ya ha corregido esta vulnerabilidad en las siguientes versiones: Roon Server 2021-05-18 y posteriores"
}
],
"id": "CVE-2021-28810",
"lastModified": "2024-11-21T06:00:14.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T03:15:07.030",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
}
]
}
CVE-2021-28810 (GCVE-0-2021-28810)
Vulnerability from cvelistv5 – Published: 2021-06-08 03:00 – Updated: 2024-09-16 19:57
VLAI?
Title
Vulnerability in Roon Server
Summary
If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later
Severity ?
7.5 (High)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Roon Labs | Roon Server |
Affected:
unspecified , < 2021-05-18
(custom)
|
Credits
Beijing Venustech Cybervision Co. Ltd
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Roon Server",
"vendor": "Roon Labs",
"versions": [
{
"lessThan": "2021-05-18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"datePublic": "2021-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T03:00:12",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"solutions": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
},
"title": "Vulnerability in Roon Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-08T01:20:00.000Z",
"ID": "CVE-2021-28810",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in Roon Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Roon Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021-05-18"
}
]
}
}
]
},
"vendor_name": "Roon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
]
},
"solution": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28810",
"datePublished": "2021-06-08T03:00:12.833507Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T19:57:30.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28810 (GCVE-0-2021-28810)
Vulnerability from nvd – Published: 2021-06-08 03:00 – Updated: 2024-09-16 19:57
VLAI?
Title
Vulnerability in Roon Server
Summary
If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later
Severity ?
7.5 (High)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Roon Labs | Roon Server |
Affected:
unspecified , < 2021-05-18
(custom)
|
Credits
Beijing Venustech Cybervision Co. Ltd
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Roon Server",
"vendor": "Roon Labs",
"versions": [
{
"lessThan": "2021-05-18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"datePublic": "2021-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T03:00:12",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
],
"solutions": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
},
"title": "Vulnerability in Roon Server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-08T01:20:00.000Z",
"ID": "CVE-2021-28810",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in Roon Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Roon Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021-05-18"
}
]
}
}
]
},
"vendor_name": "Roon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Beijing Venustech Cybervision Co. Ltd"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-17"
}
]
},
"solution": [
{
"lang": "en",
"value": "Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later"
}
],
"source": {
"advisory": "QSA-21-17",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28810",
"datePublished": "2021-06-08T03:00:12.833507Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T19:57:30.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}