PT-2021-4459 · Qnap · Qutscloud+2

Bingwei Peng

Published

2021-09-09

Updated

2022-02-10

CVE-2021-34343

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QTS versions prior to 4.5.4.1715 build 20210630 QTS versions prior to 5.0.0.1716 build 20210701 QuTScloud versions prior to c4.5.6.1755 QuTS hero versions prior to h4.5.4.1771 build 20210825

Description A stack buffer overflow issue has been reported, affecting QNAP devices running QTS, QuTScloud, QuTS hero. This issue allows attackers to execute arbitrary code if exploited.

Recommendations For QTS versions prior to 4.5.4.1715 build 20210630, update to QTS 4.5.4.1715 build 20210630 or later. For QTS versions prior to 5.0.0.1716 build 20210701, update to QTS 5.0.0.1716 build 20210701 or later. For QuTScloud versions prior to c4.5.6.1755, update to QuTScloud c4.5.6.1755 or later. For QuTS hero versions prior to h4.5.4.1771 build 20210825, update to QuTS hero h4.5.4.1771 build 20210825 or later.

Fix

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

BDU:2021-05092

CVE-2021-34343

Affected Products

Qts

Quts Hero

Qutscloud

PT-2021-4459 · Qnap · Qutscloud+2

CVE-2021-34343

Weakness Enumeration

Related Identifiers

Affected Products

References · 5