Vulnerability Description
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Nas Proxy Server | >= 1.4.0, < 1.4.2 |
| Qnap | Qts | >= 4.5.1, <= 4.5.4.2012 |
| Qnap | Quts Hero | h5.0.0 |
| Qnap | Qutscloud | c4.5.6 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-22-18Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-22-18Vendor Advisory
FAQ
What is CVE-2021-34360?
CVE-2021-34360 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We ha...
How severe is CVE-2021-34360?
CVE-2021-34360 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34360?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Nas Proxy Server, Qnap Qts, Qnap Quts Hero, Qnap Qutscloud.