PT-2021-17923 · Qnap · Qnap Nas+2
Zuso Art
·
Published
2021-05-21
·
Updated
2022-10-18
·
CVE-2021-28798
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
QNAP NAS versions prior to QTS 4.5.2.1630 Build 20210406
QNAP NAS versions prior to QTS 4.3.6.1663 Build 20210504
QNAP NAS versions prior to QTS 4.3.3.1624 Build 20210416
QuTS hero versions prior to h4.5.2.1638 Build 20210414
Description:
A relative path traversal issue has been reported to affect QNAP NAS running QTS and QuTS hero, allowing attackers to modify files that impact system integrity if exploited.
Recommendations:
For QNAP NAS versions prior to QTS 4.5.2.1630 Build 20210406, update to QTS 4.5.2.1630 Build 20210406 or later.
For QNAP NAS versions prior to QTS 4.3.6.1663 Build 20210504, update to QTS 4.3.6.1663 Build 20210504 or later.
For QNAP NAS versions prior to QTS 4.3.3.1624 Build 20210416, update to QTS 4.3.3.1624 Build 20210416 or later.
For QuTS hero versions prior to h4.5.2.1638 Build 20210414, update to QuTS hero h4.5.2.1638 Build 20210414 or later.
Fix
Improper Access Control
Relative Path Traversal
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qnap Nas
Qts
Quts Hero