CVE-2021-34343

Published Sep 10, 2021

Last updated 3 years ago

CVSS high 7.2

Overview

Description: A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later
Source: security@qnapsecurity.com.tw
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787
security@qnapsecurity.com.tw: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6872822F-3262-4478-BBF6-E18EB0F2B3A7",
            "versionEndExcluding": "4.3.3.1693"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE4A9109-5905-4844-B6B2-9B339D15E5A6",
            "versionEndExcluding": "4.3.6.1750",
            "versionStartIncluding": "4.3.4"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "760BDF32-6E7B-483B-ABAE-1BF7FB53FF27",
            "versionEndExcluding": "4.5.4.1715",
            "versionStartIncluding": "4.4.0"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC041DE-AA6E-41BB-8E67-642E75283BA2",
            "versionEndExcluding": "5.0.0.1716",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B57DE98-C9C6-4C4D-B790-293D6D0CE646",
            "versionEndExcluding": "h4.5.4.1771"
          },
          {
            "criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65E1E2FD-8AB8-4C29-AC6F-619CB0888620",
            "versionEndExcluding": "c4.5.6.1755"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References