CVE-2021-38687

Severity: 9.8 CRITICAL
EPSS: 0.8% (top 25.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 29
Latest update: Dec 30

Description

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station:

QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 (2021/10/26) and later
QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 (2021/10/26) and later
QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 (2021/10/26) and late

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: qnap/surveillance_station < 5.2.0.4.2 +3
CVEListV5: qnap_systems_inc./surveillance_station unspecified 5.2.0.4.2 ( 2021/10/26 ) +3

Vulnerability Details (2)

GHSA: GHSA-8397-33w7-cmhc: A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station (2021-12-30)
CVEList: Stack Overflow Vulnerability in Surveillance Station (2021-12-29)