All the vulnerabilites related to qnap - qusbcam2
cve-2021-34344
Vulnerability from cvelistv5
Published
2021-09-10 04:00
Modified
2024-09-17 02:17
Severity ?
EPSS score ?
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-34 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | QUSBCam2 |
Version: unspecified < 1.1.4 ( 2021/07/30 ) |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.4"
],
"product": "QUSBCam2",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.1.4 ( 2021/07/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 5.0"
],
"product": "QUSBCam2",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.0.1 ( 2021/08/03 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.6"
],
"product": "QUSBCam2",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.1.4 ( 2021/07/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.3"
],
"product": "QUSBCam2",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.1.4 ( 2021/08/06 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTS hero 4.5.3"
],
"product": "QUSBCam2",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.1.4 ( 2021/07/30 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "crixer"
}
],
"datePublic": "2021-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T04:00:24",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-34"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of QUSBCam2:\nQTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later\nQTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later\nQTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later\nQTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later\nQuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later"
}
],
"source": {
"advisory": "QSA-21-34",
"discovery": "EXTERNAL"
},
"title": "Stack Buffer Overflow Vulnerability in QUSBCam2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-09-10T09:37:00.000Z",
"ID": "CVE-2021-34344",
"STATE": "PUBLIC",
"TITLE": "Stack Buffer Overflow Vulnerability in QUSBCam2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QUSBCam2",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "\u003c",
"version_value": "1.1.4 ( 2021/07/30 )"
},
{
"platform": "QTS 5.0",
"version_affected": "\u003c",
"version_value": "2.0.1 ( 2021/08/03 )"
},
{
"platform": "QTS 4.3.6",
"version_affected": "\u003c",
"version_value": "1.1.4 ( 2021/07/30 )"
},
{
"platform": "QTS 4.3.3",
"version_affected": "\u003c",
"version_value": "1.1.4 ( 2021/08/06 )"
},
{
"platform": "QuTS hero 4.5.3",
"version_affected": "\u003c",
"version_value": "1.1.4 ( 2021/07/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-34",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-34"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of QUSBCam2:\nQTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later\nQTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later\nQTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later\nQTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later\nQuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later"
}
],
"source": {
"advisory": "QSA-21-34",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-34344",
"datePublished": "2021-09-10T04:00:24.634958Z",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-09-17T02:17:07.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23373
Vulnerability from cvelistv5
Published
2023-10-20 16:14
Modified
2024-09-16 15:48
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QUSBCam2 2.0.3 ( 2023/06/15 ) and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | QNAP Systems Inc. | QUSBCam2 |
Version: 2.0.x < 2.0.3 ( 2023/06/15 ) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-43"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:qnap:qusbcam2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "qusbcam2",
"vendor": "qnap",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T15:48:05.680279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T15:48:42.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QUSBCam2",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.0.3 ( 2023/06/15 )",
"status": "affected",
"version": "2.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "a crixer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQUSBCam2 2.0.3 ( 2023/06/15 ) and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQUSBCam2 2.0.3 ( 2023/06/15 ) and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-15",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-15"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T16:14:18.593Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-43"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQUSBCam2 2.0.3 ( 2023/06/15 ) and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQUSBCam2 2.0.3 ( 2023/06/15 ) and later\n"
}
],
"source": {
"advisory": "QSA-23-43",
"discovery": "EXTERNAL"
},
"title": "QUSBCam2",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-23373",
"datePublished": "2023-10-20T16:14:18.593Z",
"dateReserved": "2023-01-11T20:15:53.087Z",
"dateUpdated": "2024-09-16T15:48:42.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-10-20 17:15
Modified
2024-11-21 07:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QUSBCam2 2.0.3 ( 2023/06/15 ) and later
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:qusbcam2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640A39B0-28DE-4F65-BCF8-D91334E0D071",
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQUSBCam2 2.0.3 ( 2023/06/15 ) and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a QUSBCam2. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QUSBCam2 2.0.3 (2023/06/15) y posteriores"
}
],
"id": "CVE-2023-23373",
"lastModified": "2024-11-21T07:46:03.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-20T17:15:08.427",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-43"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-10 04:15
Modified
2024-11-21 06:10
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:qusbcam2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "410BC516-686F-4EA4-96AE-CE1A7BEE99A1",
"versionEndExcluding": "1.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9FAC96-AA2A-4CA5-A170-8C0E6BD47391",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:qnap:qts:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4614DB45-E510-42A3-B254-DB8C4A99E907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1BC205-A042-417C-80BA-B1A1B24A689F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later"
},
{
"lang": "es",
"value": "Se ha reportado de una vulnerabilidad de desbordamiento del b\u00fafer de la pila que afecta al dispositivo QNAP que ejecuta QUSBCam2. Si es explotado, esta vulnerabilidad permite a atacantes ejecutar c\u00f3digo arbitrario. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 (30/07/2021) y posteriores QTS 5.0: QUSBCam2 2.0.1 (03/08/2021) y posteriores QTS 4.3.6: QUSBCam2 1.1.4 (30/07/2021) y posteriores QTS 4.3.3: QUSBCam2 1.1.4 ( 06/08/2021) y posteriores QuTS hero 4.5.3: QUSBCam2 1.1.4 (30/07/2021) y posteriores\n"
}
],
"id": "CVE-2021-34344",
"lastModified": "2024-11-21T06:10:12.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-10T04:15:18.343",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-34"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}