PT-2022-3457 · Qnap · Qts+2
Enio Pena Navarro
+1
·
Published
2022-05-05
·
Updated
2023-11-14
·
CVE-2021-44054
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
QuTScloud versions prior to c5.0.1.1949
QuTS hero versions prior to h5.0.0.1949 build 20220215 and prior to h4.5.4.1951 build 20220218
QTS versions prior to 5.0.0.1986 build 20220324 and prior to 4.5.4.1991 build 20220329
Description
An open redirect issue affects QNAP devices running QuTScloud, QuTS hero, and QTS, allowing attackers to redirect users to untrusted pages containing malware. This could impact the confidentiality and integrity of information.
Recommendations
For QuTScloud versions prior to c5.0.1.1949, update to QuTScloud c5.0.1.1949 or later.
For QuTS hero versions prior to h5.0.0.1949 build 20220215, update to QuTS hero h5.0.0.1949 build 20220215 or later.
For QuTS hero versions prior to h4.5.4.1951 build 20220218, update to QuTS hero h4.5.4.1951 build 20220218 or later.
For QTS versions prior to 5.0.0.1986 build 20220324, update to QTS 5.0.0.1986 build 20220324 or later.
For QTS versions prior to 4.5.4.1991 build 20220329, update to QTS 4.5.4.1991 build 20220329 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qts
Quts Hero
Qutscloud