Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for surveillance_station by qnap

    CVE-2021-38687 (GCVE-0-2021-38687)

    Vulnerability from nvd – Published: 2021-12-29 13:05 – Updated: 2024-09-16 20:22
    VLAI
    Title
    Stack Overflow Vulnerability in Surveillance Station
    Summary
    A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.2.0.4.2 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.2.0.3.2 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.4.6 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.3.6 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    Date Public
    2021-12-10 00:00
    Credits
    crixer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.220Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QTS 5.0 (64 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.2.0.4.2 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 5.0 (32 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.2.0.3.2 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.6 (64 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.4.6 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.6 (32 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.6 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.3"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.6 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "crixer"
            }
          ],
          "datePublic": "2021-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-29T13:05:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-46",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Overflow Vulnerability in Surveillance Station",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-12-10T00:04:00.000Z",
              "ID": "CVE-2021-38687",
              "STATE": "PUBLIC",
              "TITLE": "Stack Overflow Vulnerability in Surveillance Station"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Surveillance Station",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QTS 5.0 (64 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.2.0.4.2 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 5.0 (32 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.2.0.3.2 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 4.3.6 (64 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.4.6 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 4.3.6 (32 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.6 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 4.3.3",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.6 ( 2021/10/26 )"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "crixer"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-46",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-46",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38687",
        "datePublished": "2021-12-29T13:05:14.828Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:38.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28797 (GCVE-0-2021-28797)

    Vulnerability from nvd – Published: 2021-04-14 08:50 – Updated: 2024-09-17 03:28
    VLAI
    Title
    Stack Buffer Overflow in Surveillance Station
    Summary
    A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.4.3 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.3.3 (custom)
    Create a notification for this product.
    Date Public
    2021-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-14T08:50:12.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "source": {
            "advisory": "QSA-21-07",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Buffer Overflow in Surveillance Station",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-04-14T08:24:00.000Z",
              "ID": "CVE-2021-28797",
              "STATE": "PUBLIC",
              "TITLE": "Stack Buffer Overflow in Surveillance Station"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Surveillance Station",
                          "version": {
                            "version_data": [
                              {
                                "platform": "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.4.3"
                              },
                              {
                                "platform": "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-07",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
              }
            ],
            "source": {
              "advisory": "QSA-21-07",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28797",
        "datePublished": "2021-04-14T08:50:12.924Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:54.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2501 (GCVE-0-2020-2501)

    Vulnerability from nvd – Published: 2021-02-17 03:25 – Updated: 2024-09-16 19:47
    VLAI
    Title
    Stack Buffer Overflow in Surveillance Station
    Summary
    A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.4.3 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.3.3 (custom)
    Create a notification for this product.
    Date Public
    2021-02-17 00:00
    Credits
    An independent security researcher reported this vulnerability to SSD Secure Disclosure
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:09:54.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) ."
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "An independent security researcher reported this vulnerability to SSD Secure Disclosure"
            }
          ],
          "datePublic": "2021-02-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T03:25:13.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "source": {
            "advisory": "QSA-21-07",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Buffer Overflow in Surveillance Station",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-02-17T00:29:00.000Z",
              "ID": "CVE-2020-2501",
              "STATE": "PUBLIC",
              "TITLE": "Stack Buffer Overflow in Surveillance Station"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Surveillance Station",
                          "version": {
                            "version_data": [
                              {
                                "platform": "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.4.3"
                              },
                              {
                                "platform": "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) .",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "An independent security researcher reported this vulnerability to SSD Secure Disclosure"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-07",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
              }
            ],
            "source": {
              "advisory": "QSA-21-07",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2020-2501",
        "datePublished": "2021-02-17T03:25:13.658Z",
        "dateReserved": "2019-12-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:47:04.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38687 (GCVE-0-2021-38687)

    Vulnerability from cvelistv5 – Published: 2021-12-29 13:05 – Updated: 2024-09-16 20:22
    VLAI
    Title
    Stack Overflow Vulnerability in Surveillance Station
    Summary
    A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.2.0.4.2 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.2.0.3.2 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.4.6 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.3.6 ( 2021/10/26 ) (custom)
    Create a notification for this product.
    Date Public
    2021-12-10 00:00
    Credits
    crixer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.220Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QTS 5.0 (64 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.2.0.4.2 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 5.0 (32 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.2.0.3.2 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.6 (64 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.4.6 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.6 (32 bit)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.6 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QTS 4.3.3"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.6 ( 2021/10/26 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "crixer"
            }
          ],
          "datePublic": "2021-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-29T13:05:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-46",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Overflow Vulnerability in Surveillance Station",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-12-10T00:04:00.000Z",
              "ID": "CVE-2021-38687",
              "STATE": "PUBLIC",
              "TITLE": "Stack Overflow Vulnerability in Surveillance Station"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Surveillance Station",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QTS 5.0 (64 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.2.0.4.2 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 5.0 (32 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.2.0.3.2 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 4.3.6 (64 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.4.6 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 4.3.6 (32 bit)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.6 ( 2021/10/26 )"
                              },
                              {
                                "platform": "QTS 4.3.3",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.6 ( 2021/10/26 )"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "crixer"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-46",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-46",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38687",
        "datePublished": "2021-12-29T13:05:14.828Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:38.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28797 (GCVE-0-2021-28797)

    Vulnerability from cvelistv5 – Published: 2021-04-14 08:50 – Updated: 2024-09-17 03:28
    VLAI
    Title
    Stack Buffer Overflow in Surveillance Station
    Summary
    A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.4.3 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.3.3 (custom)
    Create a notification for this product.
    Date Public
    2021-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-14T08:50:12.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "source": {
            "advisory": "QSA-21-07",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Buffer Overflow in Surveillance Station",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-04-14T08:24:00.000Z",
              "ID": "CVE-2021-28797",
              "STATE": "PUBLIC",
              "TITLE": "Stack Buffer Overflow in Surveillance Station"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Surveillance Station",
                          "version": {
                            "version_data": [
                              {
                                "platform": "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.4.3"
                              },
                              {
                                "platform": "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-07",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
              }
            ],
            "source": {
              "advisory": "QSA-21-07",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28797",
        "datePublished": "2021-04-14T08:50:12.924Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:54.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2501 (GCVE-0-2020-2501)

    Vulnerability from cvelistv5 – Published: 2021-02-17 03:25 – Updated: 2024-09-16 19:47
    VLAI
    Title
    Stack Buffer Overflow in Surveillance Station
    Summary
    A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.4.3 (custom)
    Create a notification for this product.
    QNAP Systems Inc. Surveillance Station Affected: unspecified , < 5.1.5.3.3 (custom)
    Create a notification for this product.
    Date Public
    2021-02-17 00:00
    Credits
    An independent security researcher reported this vulnerability to SSD Secure Disclosure
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:09:54.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)"
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) ."
              ],
              "product": "Surveillance Station",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "5.1.5.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "An independent security researcher reported this vulnerability to SSD Secure Disclosure"
            }
          ],
          "datePublic": "2021-02-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T03:25:13.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
            }
          ],
          "source": {
            "advisory": "QSA-21-07",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Buffer Overflow in Surveillance Station",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-02-17T00:29:00.000Z",
              "ID": "CVE-2020-2501",
              "STATE": "PUBLIC",
              "TITLE": "Stack Buffer Overflow in Surveillance Station"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Surveillance Station",
                          "version": {
                            "version_data": [
                              {
                                "platform": "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.4.3"
                              },
                              {
                                "platform": "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) .",
                                "version_affected": "\u003c",
                                "version_value": "5.1.5.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "An independent security researcher reported this vulnerability to SSD Secure Disclosure"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-07",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
              }
            ],
            "source": {
              "advisory": "QSA-21-07",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2020-2501",
        "datePublished": "2021-02-17T03:25:13.658Z",
        "dateReserved": "2019-12-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:47:04.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }