CVE-2021-38678

CWE-601Open Redirect3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 61.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. QcalagentQnap Qcalagent
Timeline
PublishedJan 14
Latest updateJan 15

Description

An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDqnap/qcalagent< 1.1.7
CVEListV5qnap_systems_inc./qcalagentunspecified1.1.7

🔴Vulnerability Details

2
GHSA
GHSA-5m7c-7cfg-9hj4: An open redirect vulnerability has been reported to affect QNAP device running QcalAgent2022-01-15
CVEList
Open Redirect Vulnerability in QcalAgent2022-01-14
CVE-2021-38678 (MEDIUM CVSS 6.1) | An open redirect vulnerability has | cvebase.io