Vulnerability Description
A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Qusbcam2 | < 1.1.4 |
| Qnap | Qts | 4.3.6 |
| Qnap | Quts Hero | h4.5.3 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-21-34Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-21-34Vendor Advisory
FAQ
What is CVE-2021-34344?
CVE-2021-34344 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this ...
How severe is CVE-2021-34344?
CVE-2021-34344 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-34344?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qusbcam2, Qnap Qts, Qnap Quts Hero.