6.1

CVE-2021-44054

An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later

Data is provided by the National Vulnerability Database (NVD)
QnapQts Version >= 5.0.0.1716 < 5.0.0.1986
QnapQts Version >= 4.3.3.0174 < 4.3.3.1945
QnapQts Version >= 4.3.4.0899 < 4.3.4.1976
QnapQts Version >= 4.3.6.0895 < 4.3.6.1965
QnapQts Version >= 4.4.0.0883 < 4.5.4.1991
QnapQts Version4.2.6 Updatebuild_20170517
QnapQts Version4.2.6 Updatebuild_20190322
QnapQts Version4.2.6 Updatebuild_20190730
QnapQts Version4.2.6 Updatebuild_20190921
QnapQts Version4.2.6 Updatebuild_20191107
QnapQts Version4.2.6 Updatebuild_20200109
QnapQts Version4.2.6 Updatebuild_20200421
QnapQts Version4.2.6 Updatebuild_20200611
QnapQts Version4.2.6 Updatebuild_20200821
QnapQts Version4.2.6 Updatebuild_20210327
QnapQts Version4.2.6 Updatebuild_20211215
QnapQuts Hero Version < h4.5.4.1771
QnapQuts Hero Version >= h5.0.0.1772 < h5.0.0.1986
QnapQutscloud Version < c5.0.1.1998
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.21% 0.433
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
security@qnapsecurity.com.tw 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.