CVE-2021-38686Improper Authentication in Systems INC QVR

CWE-287Improper Authentication3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 48.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QVRQnap QVR
Timeline
PublishedNov 26
Latest updateMay 24

Description

An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap_systems_inc/qvrunspecifiedQVR FW 5.1.6 build 20211109
NVDqnap/qvr< 5.1.6

🔴Vulnerability Details

2
GHSA
GHSA-8qv9-29c6-9v3g: An improper authentication vulnerability has been reported to affect QNAP device, VioStor2022-05-24
CVEList
Improper Authentication Vulnerability in VioStor2021-11-26
CVE-2021-38686 — Improper Authentication | cvebase