CVE-2021-38693: Path Traversal in Systems INC QTS

CWE-22: Path Traversal | 3 documents | 3 sources
Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 49.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 5 | Latest update May 6

Description

A path traversal vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1949 build 20220215 and later; QuTS hero h4.5.4.1951 build 20220218 and later; QTS 5.0.0.1986

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (6 packages)

NVD | qnap/quts_hero | h5.0.0.1772 | h5.0.0.1949
CVEListV5 | qnap_systems_inc/quts_hero | unspecified | h5.0.0.1949 build 20220215 | +1
NVD | qnap/qutscloud | < c5.0.1.1949
CVEListV5 | qnap_systems_inc/qutscloud | unspecified | c5.0.1.1949
NVD | qnap/qts | 5.0.0.1716 | 5.0.0.1986 | +1

Vulnerability Details (2)

GHSA | GHSA-cj82-5f36-ppxw: A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance | 2022-05-06
CVEList | Path Traversal in thttpd | 2022-05-05
CVE-2021-38693 — Path Traversal in Qnap Systems INC QTS | cvebase