CVE-2021-28798Relative Path Traversal in Systems INC QTS

CWE-23Relative Path TraversalCWE-284Improper Access ControlCWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
CNA8.8
EPSS
0.4%
top 39.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Qnap Systems INC QTSQnap Systems INC Quts HeroQnap QTS+1 more
Timeline
PublishedMay 21
Latest updateMay 24

Description

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS 4.3.3.1624 Build 20210416 and later QuTS hero h4.5.2.1638 Build 20210414 and later QNAP NAS running QTS 4.5.3 are not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5qnap_systems_inc/quts_herounspecifiedh4.5.2.1638 Build 20210414
NVDqnap/quts_hero< h4.5.2.1638
CVEListV5qnap_systems_inc/qtsunspecified4.5.2.1630 Build 20210406+2
NVDqnap/qts4.3.2.01444.3.3.1624+2

🔴Vulnerability Details

2
GHSA
GHSA-hc4v-wrjp-6qpg: A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero2022-05-24
CVEList
Relative Path Traversal Vulnerability in QTS and QuTS hero2021-05-21
CVE-2021-28798 — Relative Path Traversal | cvebase