CVE-2021-44054: Open Redirect in Systems INC QTS

CWE-601: Open Redirect | 3 documents | 3 sources
Severity: 6.1 MEDIUM (NVD) | 4.3 (CNA)
EPSS: 0.2% (top 56.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 5 | Latest update May 6

Description

An open redirect vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1949 build 20220215 and later; QuTS hero h4.5.4.1951 build 20220218 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.199

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (6 packages)

NVD | qnap/quts_hero | h5.0.0.1772 | h5.0.0.1986 | +1
CVEListV5 | qnap_systems_inc/quts_hero | unspecified | h5.0.0.1949 build 20220215 | +1
NVD | qnap/qutscloud | < c5.0.1.1998
CVEListV5 | qnap_systems_inc/qutscloud | unspecified | c5.0.1.1949
NVD | qnap/qts | 5.0.0.1716 | 5.0.0.1986 | +5

Vulnerability Details (2)

GHSA | GHSA-c3cc-pmc5-52xv: An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS | 2022-05-06
CVEList | Open redirect | 2022-05-05