1. Home
  2. CVE Database
  3. CVE-2021-28798
HIGH · 8.8

CVE-2021-28798

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. ...

Vulnerability Description

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS 4.3.3.1624 Build 20210416 and later QuTS hero h4.5.2.1638 Build 20210414 and later QNAP NAS running QTS 4.5.3 are not affected.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QnapQts>= 4.3.2.0144, < 4.3.3.1624
QnapQuts Hero< h4.5.2.1638

Related Weaknesses (CWE)

CWE-22CWE-284CWE-23

References

FAQ

What is CVE-2021-28798?

CVE-2021-28798 is a vulnerability with a CVSS score of 8.8 (HIGH). A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. ...

How severe is CVE-2021-28798?

CVE-2021-28798 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-28798?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qts, Qnap Quts Hero.