Vulnerability Description
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Ej1600 Firmware | < 1.0.6 |
| Qnap | Ej1600 | - |
| Qnap | Tl-R1620Sdc Firmware | < 1.0.6 |
| Qnap | Tl-R1620Sdc | - |
| Qnap | Tl-R1620Sep-Rp Firmware | < 1.0.6 |
| Qnap | Tl-R1620Sep-Rp | - |
| Qnap | Tl-R1220Sep-Rp Firmware | < 1.0.6 |
| Qnap | Tl-R1220Sep-Rp | - |
| Qnap | Tl-D1600S Firmware | < 1.0.6 |
| Qnap | Tl-D1600S | - |
| Qnap | Tl-D800S Firmware | < 1.0.6 |
| Qnap | Tl-D800S | - |
| Qnap | Tl-D400S Firmware | < 1.0.6 |
| Qnap | Tl-D400S | - |
| Qnap | Tl-R1200S-Rp Firmware | < 1.0.6 |
| Qnap | Tl-R1200S-Rp | - |
| Qnap | Tl-R400S Firmware | < 1.0.6 |
| Qnap | Tl-R400S | - |
| Qnap | Tl-R1200C-Rp Firmware | < 1.0.6 |
| Qnap | Tl-R1200C-Rp | - |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-21-36Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-21-36Vendor Advisory
FAQ
What is CVE-2021-34345?
CVE-2021-34345 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have alread...
How severe is CVE-2021-34345?
CVE-2021-34345 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-34345?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Ej1600 Firmware, Qnap Ej1600, Qnap Tl-R1620Sdc Firmware, Qnap Tl-R1620Sdc, Qnap Tl-R1620Sep-Rp Firmware.