← Retour aux CVEs
CVE-2021-34345
CRITICAL9.8
Description
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie9/10/2021
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
qnap:ej1600qnap:ej1600_firmwareqnap:tl-d1600sqnap:tl-d1600s_firmwareqnap:tl-d400sqnap:tl-d400s_firmwareqnap:tl-d800cqnap:tl-d800c_firmwareqnap:tl-d800sqnap:tl-d800s_firmwareqnap:tl-r1200c-rpqnap:tl-r1200c-rp_firmwareqnap:tl-r1200s-rpqnap:tl-r1200s-rp_firmwareqnap:tl-r1220sep-rpqnap:tl-r1220sep-rp_firmwareqnap:tl-r1620sdcqnap:tl-r1620sdc_firmwareqnap:tl-r1620sep-rpqnap:tl-r1620sep-rp_firmwareqnap:tl-r400sqnap:tl-r400s_firmwareqnap:tr-002qnap:tr-002_firmwareqnap:tr-004qnap:tr-004_firmwareqnap:tr-004uqnap:tr-004u_firmware
Faiblesses (CWE)
CWE-787CWE-787
References
https://www.qnap.com/en/security-advisory/qsa-21-36(security@qnapsecurity.com.tw)
https://www.qnap.com/en/security-advisory/qsa-21-36(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.