CVE-2021-38691

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.2%
top 20.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Qnap Systems Inc. QVR EliteQnap Systems Inc. QVR GuardQnap Systems Inc. QVR PRO+3 more
Timeline
PublishedJan 14
Latest updateJan 15

Description

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

NVDqnap/qvr_elite< 2.1.4.0
CVEListV5qnap_systems_inc./qvr_eliteunspecified2.1.4.0 (2021/12/06)
NVDqnap/qvr_guard< 2.1.3.0
CVEListV5qnap_systems_inc./qvr_guardunspecified2.1.3.0 (2021/12/06)
NVDqnap/qvr_pro< 2.1.3.0

🔴Vulnerability Details

2
GHSA
GHSA-98m9-234r-rmcv: A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard2022-01-15
CVEList
Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard2022-01-14
CVE-2021-38691 (CRITICAL CVSS 9.8) | A stack buffer overflow vulnerabili | cvebase.io