CVE-2021-34346

Published: Sep 10, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later

Affected (1)

Products: Qnap: Nvr Storage Expansion Firmware

1 product

Nvr Storage Expansion Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qnap Nvr Storage Expansion Firmware	Before 1.0.6

Running on/with	Platform Versions
Qnap Nvr Storage Expansion	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.qnap.com/en/security-advisory/qsa-21-36

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/en/security-advisory/qsa-21-36

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.