CVE-2018-0721Classic Buffer Overflow in Systems INC QTS

CWE-120Classic Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.7HIGHNVD
EPSS
1.3%
top 20.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QTSQnap QTS
Timeline
PublishedNov 27
Latest updateMay 13

Description

Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:LExploitability: 1.8 | Impact: 5.3

Affected Packages2 packages

CVEListV5qnap_systems_inc/qtsunspecified4.2.6+2
NVDqnap/qts4.2.6, 4.3.3, 4.3.4+2

🔴Vulnerability Details

2
GHSA
GHSA-j325-h69m-f57c: Buffer Overflow vulnerability in NAS devices2022-05-13
CVEList
Security Advisory for Vulnerabilities in QTS2018-11-27
CVE-2018-0721 — Classic Buffer Overflow | cvebase