9.8

CVE-2021-34345

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QnapEj1600 Firmware Version < 1.0.6
   QnapEj1600 Version-
QnapTl-r1620sdc Firmware Version < 1.0.6
   QnapTl-r1620sdc Version-
QnapTl-r1620sep-rp Firmware Version < 1.0.6
   QnapTl-r1620sep-rp Version-
QnapTl-r1220sep-rp Firmware Version < 1.0.6
   QnapTl-r1220sep-rp Version-
QnapTl-d1600s Firmware Version < 1.0.6
   QnapTl-d1600s Version-
QnapTl-d800s Firmware Version < 1.0.6
   QnapTl-d800s Version-
QnapTl-d400s Firmware Version < 1.0.6
   QnapTl-d400s Version-
QnapTl-r1200s-rp Firmware Version < 1.0.6
   QnapTl-r1200s-rp Version-
QnapTl-r400s Firmware Version < 1.0.6
   QnapTl-r400s Version-
QnapTl-r1200c-rp Firmware Version < 1.0.6
   QnapTl-r1200c-rp Version-
QnapTl-d800c Firmware Version < 1.0.6
   QnapTl-d800c Version-
QnapTr-004 Firmware Version < 1.0.6
   QnapTr-004 Version-
QnapTr-002 Firmware Version < 1.0.6
   QnapTr-002 Version-
QnapTr-004u Firmware Version < 1.0.6
   QnapTr-004u Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.21% 0.771
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
security@qnapsecurity.com.tw 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.