PT-2022-5118 · Qnap · Qvr Elite+2

Crixer

Published

2022-01-13

Updated

2022-01-22

CVE-2021-38692

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QVR Elite versions prior to 2.1.4.0 QVR Pro versions prior to 2.1.3.0 QVR Guard versions prior to 2.1.3.0

Description A stack buffer overflow vulnerability has been reported to affect QNAP devices running QVR Elite, QVR Pro, and QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code.

Recommendations For QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later. For QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later. For QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.

Fix

Memory Corruption

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121CWE-120

Related Identifiers

BDU:2022-06367

CVE-2021-38692

Affected Products

Qvr Elite

Qvr Guard

Qvr Pro

PT-2022-5118 · Qnap · Qvr Elite+2

CVE-2021-38692

Weakness Enumeration

Related Identifiers

Affected Products

References · 6