CVE-2021-34360

Published: May 26, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later

Affected (2)

Products: Qnap: Nas Proxy Server

Qnap

1 product

Nas Proxy Server

Configuration A

1 platform

Running on/with	Platform Versions
Qnap Qts	From 4.5.1 to 4.5.4.2012

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qnap Nas Proxy Server	From 1.4.0 to 1.4.3

Running on/with	Platform Versions
Qnap Quts Hero	Version h5.0.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qnap Nas Proxy Server	From 1.4.0 to 1.4.2

Running on/with	Platform Versions
Qnap Qutscloud	Version c4.5.6

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.qnap.com/en/security-advisory/qsa-22-18

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/en/security-advisory/qsa-22-18

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.