Vulnerability Description
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Media Streaming Add-On | < 500.0.0.3 |
| Qnap | Qts | 4.5.4 |
| Qnap | Quts Hero | h4.5.4 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-21-44Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-21-44Vendor Advisory
FAQ
What is CVE-2021-34362?
CVE-2021-34362 is a vulnerability with a CVSS score of 8.7 (HIGH). A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have alr...
How severe is CVE-2021-34362?
CVE-2021-34362 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34362?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Media Streaming Add-On, Qnap Qts, Qnap Quts Hero.