9.8
CVE-2021-34345
- EPSS 1.21%
- Veröffentlicht 10.09.2021 04:15:18
- Zuletzt bearbeitet 21.11.2024 06:10:12
- Quelle security@qnapsecurity.com.tw
- Teams Watchlist Login
- Unerledigt Login
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qnap ≫ Ej1600 Firmware Version < 1.0.6
Qnap ≫ Tl-r1620sdc Firmware Version < 1.0.6
Qnap ≫ Tl-r1620sep-rp Firmware Version < 1.0.6
Qnap ≫ Tl-r1220sep-rp Firmware Version < 1.0.6
Qnap ≫ Tl-d1600s Firmware Version < 1.0.6
Qnap ≫ Tl-d800s Firmware Version < 1.0.6
Qnap ≫ Tl-d400s Firmware Version < 1.0.6
Qnap ≫ Tl-r1200s-rp Firmware Version < 1.0.6
Qnap ≫ Tl-r400s Firmware Version < 1.0.6
Qnap ≫ Tl-r1200c-rp Firmware Version < 1.0.6
Qnap ≫ Tl-d800c Firmware Version < 1.0.6
Qnap ≫ Tr-004 Firmware Version < 1.0.6
Qnap ≫ Tr-002 Firmware Version < 1.0.6
Qnap ≫ Tr-004u Firmware Version < 1.0.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.21% | 0.771 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| security@qnapsecurity.com.tw | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.