Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard
CVE-2021-38691

8.1HIGH

Key Information:

Vendor: QNAP
Status: Qvr Elite; Qvr Pro; Qvr Guard
Vendor: CVE Published:; 14 January 2022

Summary

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later

Affected Version(s)

QVR Elite QTS 4.5.4 < 2.1.4.0 (2021/12/06)

QVR Elite QTS 5.0.0 < 2.1.4.0 (2021/12/06)

QVR Elite QuTS hero h4.5.4 < 2.1.4.0 (2021/12/06)

References

https://www.qnap.com/en/security-advisory/qsa-21-59

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2022
Vulnerability Reserved
Aug 13, 2021

Credit

crixer