PT-2022-5120 · Qnap · Qnap Qvr Guard+2

Crixer

Published

2022-01-13

Updated

2022-01-25

CVE-2021-38691

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QNAP QVR Elite versions prior to 2.1.4.0 QNAP QVR Pro versions prior to 2.1.3.0 QNAP QVR Guard versions prior to 2.1.3.0

Description The issue is related to a stack buffer overflow vulnerability in the memory, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For QNAP QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later. For QNAP QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later. For QNAP QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.

Fix

Memory Corruption

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121CWE-120

Related Identifiers

BDU:2022-06369

CVE-2021-38691

Affected Products

Qnap Qvr Elite

Qnap Qvr Guard

Qnap Qvr Pro

PT-2022-5120 · Qnap · Qnap Qvr Guard+2

CVE-2021-38691

Weakness Enumeration

Related Identifiers

Affected Products

References · 4