CVE-2021-38687
Summary
| CVE | CVE-2021-38687 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-29 13:15:00 UTC |
| Updated | 2022-01-10 20:54:00 UTC |
| Description | A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 (2021/10/26) and later; QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 (2021/10/26) and later; QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 (2021/10/26) and later; QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 (2021/10/26) and later; QTS 4.3.3: Surveillance Station 5.1.5.3.6 (2021/10/26) and later. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Qnap | Qts | 4.3.3 | All | All | All |
| Operating System | Qnap | Qts | 4.3.6 | All | All | All |
| Operating System | Qnap | Qts | 4.3.6 | All | All | All |
| Operating System | Qnap | Qts | 5.0.0 | All | All | All |
| Operating System | Qnap | Qts | 5.0.0 | All | All | All |
| Application | Qnap | Surveillance Station | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Stack Buffer Overflow Vulnerability in Surveillance Station - Security Advisory \| QNAP | CONFIRM | www.qnap.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: crixer
There are currently no legacy QID mappings associated with this CVE.