CVE-2021-34345
Last modified
CVE-2021-34345 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. EPSS estimates a 1.53% chance of exploitation in the next 30 days.
Description
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Ej1600 Firmware | < 1.0.6 |
| Qnap | Tl-R1620sdc Firmware | < 1.0.6 |
| Qnap | Tl-R1620sep-Rp Firmware | < 1.0.6 |
| Qnap | Tl-R1220sep-Rp Firmware | < 1.0.6 |
| Qnap | Tl-D1600s Firmware | < 1.0.6 |
| Qnap | Tl-D800s Firmware | < 1.0.6 |
| Qnap | Tl-D400s Firmware | < 1.0.6 |
| Qnap | Tl-R1200s-Rp Firmware | < 1.0.6 |
| Qnap | Tl-R400s Firmware | < 1.0.6 |
| Qnap | Tl-R1200c-Rp Firmware | < 1.0.6 |
| Qnap | Tl-D800c Firmware | < 1.0.6 |
| Qnap | Tr-004 Firmware | < 1.0.6 |
| Qnap | Tr-002 Firmware | < 1.0.6 |
| Qnap | Tr-004u Firmware | < 1.0.6 |
References
- https://www.qnap.com/en/security-advisory/qsa-21-36Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-21-36Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-34345?
How severe is CVE-2021-34345?
How do I fix CVE-2021-34345?
Are you affected by CVE-2021-34345?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST