Vulnerability Description
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Qvr Elite | < 2.1.4.0 |
| Qnap | Qvr Guard | < 2.1.3.0 |
| Qnap | Qvr Pro | < 2.1.3.0 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-21-59Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-21-59Vendor Advisory
FAQ
What is CVE-2021-38692?
CVE-2021-38692 is a vulnerability with a CVSS score of 8.1 (HIGH). A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We hav...
How severe is CVE-2021-38692?
CVE-2021-38692 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38692?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qvr Elite, Qnap Qvr Guard, Qnap Qvr Pro.