PT-2022-10343 · Qnap · Qutscloud+3

Tony Martin

Published

2022-05-26

Updated

2022-06-07

CVE-2021-34360

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QNAP Proxy Server versions prior to 1.4.2 QNAP Proxy Server versions prior to 1.4.3 in QuTS hero h5.0.0 QNAP Proxy Server versions prior to 1.4.2 in QuTScloud c4.5.6

Description A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code.

Recommendations For QTS 4.5.x, update Proxy Server to version 1.4.2 or later. For QuTS hero h5.0.0, update Proxy Server to version 1.4.3 or later. For QuTScloud c4.5.6, update Proxy Server to version 1.4.2 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2021-34360

Affected Products

Qnap Proxy Server

Qts

Quts Hero

Qutscloud

PT-2022-10343 · Qnap · Qutscloud+3

CVE-2021-34360

Weakness Enumeration

Related Identifiers

Affected Products

References · 4