PT-2022-5125 · Qnap · Qnap Qvr Guard+2
Crixer
·
Published
2022-01-13
·
Updated
2022-01-25
·
CVE-2021-38689
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP QVR Elite versions prior to 2.1.4.0
QNAP QVR Pro versions prior to 2.1.3.0
QNAP QVR Guard versions prior to 2.1.3.0
Description
The issue is related to a stack buffer overflow vulnerability in the memory, which can be exploited by a remote attacker to execute arbitrary code. This vulnerability affects QNAP devices running QVR Elite, QVR Pro, and QVR Guard.
Recommendations
For QNAP QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later.
For QNAP QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later.
For QNAP QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.
Fix
Memory Corruption
Stack Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qnap Qvr Elite
Qnap Qvr Guard
Qnap Qvr Pro