CERTFR-2022-AVI-033
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in QNAP products. They allow an attacker to cause remote arbitrary code execution and remote indirect code injection (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
Vendor | Product | Description
---|---|---
Qnap | QTS | QTS 4.5.x versions prior to 4.5.4.1892 build 20211223
Qnap | N/A | QcalAgent versions prior to 1.1.7
Qnap | QVR | QVR Pro versions prior to 2.1.3.0 dated 06/12/2021
Qnap | QTS | QTS 5.0.x versions prior to 5.0.0.1891 build 20211221
Qnap | QVR | QVR Guard versions prior to 2.1.3.0 dated 06/12/2021
Qnap | QuTS hero | QuTS hero versions prior to h5.0.0.1892 build 20211222
Qnap | QVR | QVR Elite versions prior to 2.1.4.0 dated 06/12/2021
References
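Title | Publication Time | Tags
---|---|---
QNAP security bulletin qsa-21-57 of 13 January 2022 (https://www.qnap.com/fr-fr/security-advisory/qsa-21-57) | |
QNAP security bulletin qsa-21-60 of 13 January 2022 (https://www.qnap.com/fr-fr/security-advisory/qsa-21-60) | |
QNAP security bulletin qsa-21-59 of 13 January 2022 (https://www.qnap.com/fr-fr/security-advisory/qsa-21-59) | |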
CVE-2021-38692 (GCVE-0-2021-38692)
Vulnerability from cvelistv5
Published: 2022-01-14 01:00
Modified: 2024-09-16 23:26
Severity: 8.1 (HIGH), CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-120 - Buffer Overflow
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP devices running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:
- QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
References
URL | Tags
---|---
https://www.qnap.com/en/security-advisory/qsa-21-59 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
QNAP Systems Inc. | QVR Elite | unspecified < 2.1.4.0 (2021/12/06)
CVE-2021-38677 (GCVE-0-2021-38677)
Vulnerability from cvelistv5
Published: 2022-01-14 01:00
Modified: 2024-09-17 01:10
Severity: 5.3 (MEDIUM), CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
References
URL | Tags
---|---
https://www.qnap.com/en/security-advisory/qsa-21-60 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
QNAP Systems Inc. | QcalAgent | unspecified < 1.1.7
CVE-2021-38690 (GCVE-0-2021-38690)
Vulnerability from cvelistv5
Published: 2022-01-14 01:00
Modified: 2024-09-16 22:20
Severity: 8.1 (HIGH), CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-120 - Buffer Overflow
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP devices running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:
- QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
References
URL | Tags
---|---
https://www.qnap.com/en/security-advisory/qsa-21-59 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
QNAP Systems Inc. | QVR Elite | unspecified < 2.1.4.0 (2021/12/06)
CVE-2021-38682 (GCVE-0-2021-38682)
Vulnerability from cvelistv5
Published: 2022-01-14 01:00
Modified: 2024-09-16 23:50
Severity: 8.1 (HIGH), CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-120 - Buffer Overflow
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP devices running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:
- QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 4.5.4: QVR Guard 2.1.3.0 and later
- QTS 5.0.0: QVR Guard 2.1.3.0 and later
References
URL | Tags
---|---
https://www.qnap.com/en/security-advisory/qsa-21-59 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
QNAP Systems Inc. | QVR Elite | unspecified < 2.1.4.0 (2021/12/06)
} ] } }, "credit": [ { "lang": "eng", "value": "crixer" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120 Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qnap.com/en/security-advisory/qsa-21-59", "refsource": "MISC", "url": "https://www.qnap.com/en/security-advisory/qsa-21-59" } ] }, "solution": [ { "lang": "en", "value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 
4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 and later\nQTS 5.0.0: QVR Guard 2.1.3.0 and later" } ], "source": { "advisory": "QSA-21-59", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "assignerShortName": "qnap", "cveId": "CVE-2021-38682", "datePublished": "2022-01-14T01:00:19.308283Z", "dateReserved": "2021-08-13T00:00:00", "dateUpdated": "2024-09-16T23:50:46.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38678 (GCVE-0-2021-38678)
Vulnerability from cvelistv5
Published: 2022-01-14 01:00
Modified: 2024-09-17 03:59
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
Impacted products
Vendor | Product | Version
---|---|---
QNAP Systems Inc. | QcalAgent | unspecified < 1.1.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:19.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.qnap.com/en/security-advisory/qsa-21-60" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "QcalAgent", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "1.1.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Tony Martin, a security researcher" } ], "datePublic": "2022-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T01:00:17", "orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.qnap.com/en/security-advisory/qsa-21-60" } ], "solutions": [ { "lang": "en", "value": "We have already fixed this vulnerability in the following versions of QcalAgent:\nQcalAgent 1.1.7 and later" } ], "source": { 
"advisory": "QSA-21-60", "discovery": "EXTERNAL" }, "title": "Open Redirect Vulnerability in QcalAgent", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@qnap.com", "DATE_PUBLIC": "2022-01-12T22:58:00.000Z", "ID": "CVE-2021-38678", "STATE": "PUBLIC", "TITLE": "Open Redirect Vulnerability in QcalAgent" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "QcalAgent", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.1.7" } ] } } ] }, "vendor_name": "QNAP Systems Inc." } ] } }, "credit": [ { "lang": "eng", "value": "Tony Martin, a security researcher" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. 
We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qnap.com/en/security-advisory/qsa-21-60", "refsource": "MISC", "url": "https://www.qnap.com/en/security-advisory/qsa-21-60" } ] }, "solution": [ { "lang": "en", "value": "We have already fixed this vulnerability in the following versions of QcalAgent:\nQcalAgent 1.1.7 and later" } ], "source": { "advisory": "QSA-21-60", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "assignerShortName": "qnap", "cveId": "CVE-2021-38678", "datePublished": "2022-01-14T01:00:17.962964Z", "dateReserved": "2021-08-13T00:00:00", "dateUpdated": "2024-09-17T03:59:41.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38691 (GCVE-0-2021-38691)
Vulnerability from cvelistv5
Published: 2022-01-14 01:00
Modified: 2024-09-17 04:03
CWE
- CWE-120 - Buffer Overflow
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:
- QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
Impacted products
Vendor | Product | Version
---|---|---
QNAP Systems Inc. | QVR Elite | unspecified < 2.1.4.0 (2021/12/06)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:19.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.qnap.com/en/security-advisory/qsa-21-59" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "QuTS hero h5.0.0" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QuTS hero h4.5.4" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 5.0.0" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 4.5.4" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 4.5.4" ], "product": "QVR Pro", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 5.0.0" ], "product": "QVR Pro", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 4.5.4" ], "product": "QVR Guard", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 5.0.0" ], "product": "QVR Guard", "vendor": "QNAP Systems Inc.", "versions": [ { 
"lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "crixer" } ], "datePublic": "2022-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T01:00:23", "orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.qnap.com/en/security-advisory/qsa-21-59" } ], "solutions": [ { "lang": "en", "value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) 
and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ], "source": { "advisory": "QSA-21-59", "discovery": "EXTERNAL" }, "title": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@qnap.com", "DATE_PUBLIC": "2022-01-13T01:49:00.000Z", "ID": "CVE-2021-38691", "STATE": "PUBLIC", "TITLE": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "QVR Elite", "version": { "version_data": [ { "platform": "QuTS hero h5.0.0", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" }, { "platform": "QuTS hero h4.5.4", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" }, { "platform": "QTS 5.0.0", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" }, { "platform": "QTS 4.5.4", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" } ] } }, { "product_name": "QVR Pro", "version": { "version_data": [ { "platform": "QTS 4.5.4", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" }, { "platform": "QTS 5.0.0", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" } ] } }, { "product_name": "QVR Guard", "version": { "version_data": [ { "platform": "QTS 4.5.4", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" }, { "platform": "QTS 5.0.0", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" } ] } } ] }, "vendor_name": "QNAP Systems Inc." 
} ] } }, "credit": [ { "lang": "eng", "value": "crixer" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120 Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qnap.com/en/security-advisory/qsa-21-59", "refsource": "MISC", "url": "https://www.qnap.com/en/security-advisory/qsa-21-59" } ] }, "solution": [ { "lang": "en", "value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 
(2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ], "source": { "advisory": "QSA-21-59", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "assignerShortName": "qnap", "cveId": "CVE-2021-38691", "datePublished": "2022-01-14T01:00:23.562025Z", "dateReserved": "2021-08-13T00:00:00", "dateUpdated": "2024-09-17T04:03:46.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38689 (GCVE-0-2021-38689)
Vulnerability from cvelistv5
Published: 2022-01-14 01:00
Modified: 2024-09-17 00:50
CWE
- CWE-120 - Buffer Overflow
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:
- QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later
- QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later
- QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later
- QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
Impacted products
Vendor | Product | Version
---|---|---
QNAP Systems Inc. | QVR Elite | unspecified < 2.1.4.0 (2021/12/06)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:19.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.qnap.com/en/security-advisory/qsa-21-59" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "QuTS hero h5.0.0" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QuTS hero h4.5.4" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 5.0.0" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 4.5.4" ], "product": "QVR Elite", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.4.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 4.5.4" ], "product": "QVR Pro", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 5.0.0" ], "product": "QVR Pro", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 4.5.4" ], "product": "QVR Guard", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "platforms": [ "QTS 5.0.0" ], "product": "QVR Guard", "vendor": "QNAP Systems Inc.", "versions": [ { 
"lessThan": "2.1.3.0 (2021/12/06)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "crixer" } ], "datePublic": "2022-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T01:00:20", "orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.qnap.com/en/security-advisory/qsa-21-59" } ], "solutions": [ { "lang": "en", "value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) 
and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ], "source": { "advisory": "QSA-21-59", "discovery": "EXTERNAL" }, "title": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@qnap.com", "DATE_PUBLIC": "2022-01-13T13:44:00.000Z", "ID": "CVE-2021-38689", "STATE": "PUBLIC", "TITLE": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "QVR Elite", "version": { "version_data": [ { "platform": "QuTS hero h5.0.0", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" }, { "platform": "QuTS hero h4.5.4", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" }, { "platform": "QTS 5.0.0", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" }, { "platform": "QTS 4.5.4", "version_affected": "\u003c", "version_value": "2.1.4.0 (2021/12/06)" } ] } }, { "product_name": "QVR Pro", "version": { "version_data": [ { "platform": "QTS 4.5.4", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" }, { "platform": "QTS 5.0.0", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" } ] } }, { "product_name": "QVR Guard", "version": { "version_data": [ { "platform": "QTS 4.5.4", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" }, { "platform": "QTS 5.0.0", "version_affected": "\u003c", "version_value": "2.1.3.0 (2021/12/06)" } ] } } ] }, "vendor_name": "QNAP Systems Inc." 
} ] } }, "credit": [ { "lang": "eng", "value": "crixer" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120 Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qnap.com/en/security-advisory/qsa-21-59", "refsource": "MISC", "url": "https://www.qnap.com/en/security-advisory/qsa-21-59" } ] }, "solution": [ { "lang": "en", "value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 
(2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later" } ], "source": { "advisory": "QSA-21-59", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "assignerShortName": "qnap", "cveId": "CVE-2021-38689", "datePublished": "2022-01-14T01:00:20.676529Z", "dateReserved": "2021-08-13T00:00:00", "dateUpdated": "2024-09-17T00:50:59.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }