Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for tr-004_firmware by qnap

    CVE-2021-34345 (GCVE-0-2021-34345)

    Vulnerability from nvd – Published: 2021-09-10 04:00 – Updated: 2024-09-16 22:09
    VLAI
    Title
    Stack Based Overflow Vulnerability in NVR Storage Expansion
    Summary
    A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. NVR Storage Expansion Affected: unspecified , < 1.0.6 ( 2021/08/03 ) (custom)
    Create a notification for this product.
    Date Public
    2021-09-10 00:00
    Credits
    crixer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:52.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-36"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVR Storage Expansion",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.6 ( 2021/08/03 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "crixer"
            }
          ],
          "datePublic": "2021-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-10T04:00:26.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-36"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of NVR Storage Expansion:\nNVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-36",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Based Overflow Vulnerability in NVR Storage Expansion",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-10T09:27:00.000Z",
              "ID": "CVE-2021-34345",
              "STATE": "PUBLIC",
              "TITLE": "Stack Based Overflow Vulnerability in NVR Storage Expansion"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVR Storage Expansion",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.0.6 ( 2021/08/03 )"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "crixer"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-36",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-36"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of NVR Storage Expansion:\nNVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-36",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34345",
        "datePublished": "2021-09-10T04:00:26.223Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:54.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34345 (GCVE-0-2021-34345)

    Vulnerability from cvelistv5 – Published: 2021-09-10 04:00 – Updated: 2024-09-16 22:09
    VLAI
    Title
    Stack Based Overflow Vulnerability in NVR Storage Expansion
    Summary
    A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. NVR Storage Expansion Affected: unspecified , < 1.0.6 ( 2021/08/03 ) (custom)
    Create a notification for this product.
    Date Public
    2021-09-10 00:00
    Credits
    crixer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:52.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-36"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVR Storage Expansion",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.6 ( 2021/08/03 )",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "crixer"
            }
          ],
          "datePublic": "2021-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-10T04:00:26.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-36"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We have already fixed this vulnerability in the following versions of NVR Storage Expansion:\nNVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-36",
            "discovery": "EXTERNAL"
          },
          "title": "Stack Based Overflow Vulnerability in NVR Storage Expansion",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-09-10T09:27:00.000Z",
              "ID": "CVE-2021-34345",
              "STATE": "PUBLIC",
              "TITLE": "Stack Based Overflow Vulnerability in NVR Storage Expansion"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVR Storage Expansion",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.0.6 ( 2021/08/03 )"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "crixer"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-36",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-36"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We have already fixed this vulnerability in the following versions of NVR Storage Expansion:\nNVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-36",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-34345",
        "datePublished": "2021-09-10T04:00:26.223Z",
        "dateReserved": "2021-06-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:54.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }