CVE-2021-38687
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station:

- QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 (2021/10/26) and later
- QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 (2021/10/26) and later
- QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 (2021/10/26) and later
- QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 (2021/10/26) and later
- QTS 4.3.3: Surveillance Station 5.1.5.3.6 (2021/10/26) and later
Affected (4)
Products: Qnap: Surveillance Station
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Qnap Surveillance Station | Before 5.2.0.4.2 |

| Running on/with | Platform Versions |
|---|---|
| Qnap Qts | Version 5.0.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Qnap Surveillance Station | Before 5.2.0.3.2 |

| Running on/with | Platform Versions |
|---|---|
| Qnap Qts | Version 5.0.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Qnap Surveillance Station | Before 5.1.5.4.6 |

| Running on/with | Platform Versions |
|---|---|
| Qnap Qts | Version 4.3.6 |
Configuration D
| Running on/with | Platform Versions |
|---|---|
| Qnap Qts | Version 4.3.6 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Qnap Surveillance Station | Before 5.1.5.3.6 |

| Running on/with | Platform Versions |
|---|---|
| Qnap Qts | Version 4.3.3 |
References (2)
Source: security@qnapsecurity.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory