CVE-2021-44055

Published: May 5, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later

Affected (3)

Products: Qnap: Video Station

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Qnap Video Station	Before 5.1.8
Qnap Video Station	From 5.2.0 to 5.3.13
Qnap Video Station	From 5.4.0 to 5.5.9

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.qnap.com/en/security-advisory/qsa-22-14

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/en/security-advisory/qsa-22-14

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.