All the vulnerabilites related to qnap - surveillance_station
cve-2020-2501
Vulnerability from cvelistv5
Published
2021-02-17 03:25
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-07 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | Surveillance Station |
Version: unspecified < 5.1.5.4.3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) ."
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "An independent security researcher reported this vulnerability to SSD Secure Disclosure"
}
],
"datePublic": "2021-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-17T03:25:13",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
],
"source": {
"advisory": "QSA-21-07",
"discovery": "EXTERNAL"
},
"title": "Stack Buffer Overflow in Surveillance Station",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-02-17T00:29:00.000Z",
"ID": "CVE-2020-2501",
"STATE": "PUBLIC",
"TITLE": "Stack Buffer Overflow in Surveillance Station"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Surveillance Station",
"version": {
"version_data": [
{
"platform": "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)",
"version_affected": "\u003c",
"version_value": "5.1.5.4.3"
},
{
"platform": "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) .",
"version_affected": "\u003c",
"version_value": "5.1.5.3.3"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "An independent security researcher reported this vulnerability to SSD Secure Disclosure"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-07",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
],
"source": {
"advisory": "QSA-21-07",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2020-2501",
"datePublished": "2021-02-17T03:25:13.658920Z",
"dateReserved": "2019-12-09T00:00:00",
"dateUpdated": "2024-09-16T19:47:04.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28797
Vulnerability from cvelistv5
Published
2021-04-14 08:50
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-07 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | Surveillance Station |
Version: unspecified < 5.1.5.4.3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T08:50:12",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
],
"source": {
"advisory": "QSA-21-07",
"discovery": "EXTERNAL"
},
"title": "Stack Buffer Overflow in Surveillance Station",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-04-14T08:24:00.000Z",
"ID": "CVE-2021-28797",
"STATE": "PUBLIC",
"TITLE": "Stack Buffer Overflow in Surveillance Station"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Surveillance Station",
"version": {
"version_data": [
{
"platform": "ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)",
"version_affected": "\u003c",
"version_value": "5.1.5.4.3"
},
{
"platform": "ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)",
"version_affected": "\u003c",
"version_value": "5.1.5.3.3"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-07",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\n\nSurveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)\nSurveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
}
],
"source": {
"advisory": "QSA-21-07",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28797",
"datePublished": "2021-04-14T08:50:12.924773Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T03:28:54.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38687
Vulnerability from cvelistv5
Published
2021-12-29 13:05
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-46 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | Surveillance Station |
Version: unspecified < 5.2.0.4.2 ( 2021/10/26 ) |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:19.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 5.0 (64 bit)"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.2.0.4.2 ( 2021/10/26 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 5.0 (32 bit)"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.2.0.3.2 ( 2021/10/26 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.6 (64 bit)"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.4.6 ( 2021/10/26 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.6 (32 bit)"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.3.6 ( 2021/10/26 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.3"
],
"product": "Surveillance Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.3.6 ( 2021/10/26 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "crixer"
}
],
"datePublic": "2021-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-29T13:05:14",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
}
],
"source": {
"advisory": "QSA-21-46",
"discovery": "EXTERNAL"
},
"title": "Stack Overflow Vulnerability in Surveillance Station",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-12-10T00:04:00.000Z",
"ID": "CVE-2021-38687",
"STATE": "PUBLIC",
"TITLE": "Stack Overflow Vulnerability in Surveillance Station"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Surveillance Station",
"version": {
"version_data": [
{
"platform": "QTS 5.0 (64 bit)",
"version_affected": "\u003c",
"version_value": "5.2.0.4.2 ( 2021/10/26 )"
},
{
"platform": "QTS 5.0 (32 bit)",
"version_affected": "\u003c",
"version_value": "5.2.0.3.2 ( 2021/10/26 )"
},
{
"platform": "QTS 4.3.6 (64 bit)",
"version_affected": "\u003c",
"version_value": "5.1.5.4.6 ( 2021/10/26 )"
},
{
"platform": "QTS 4.3.6 (32 bit)",
"version_affected": "\u003c",
"version_value": "5.1.5.3.6 ( 2021/10/26 )"
},
{
"platform": "QTS 4.3.3",
"version_affected": "\u003c",
"version_value": "5.1.5.3.6 ( 2021/10/26 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-46",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
}
],
"source": {
"advisory": "QSA-21-46",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-38687",
"datePublished": "2021-12-29T13:05:14.828504Z",
"dateReserved": "2021-08-13T00:00:00",
"dateUpdated": "2024-09-16T20:22:38.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-12-29 13:15
Modified
2024-11-21 06:17
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | surveillance_station | * | |
| qnap | qts | 5.0.0 | |
| qnap | surveillance_station | * | |
| qnap | qts | 5.0.0 | |
| qnap | surveillance_station | * | |
| qnap | qts | 4.3.6 | |
| qnap | surveillance_station | * | |
| qnap | qts | 4.3.6 | |
| qnap | surveillance_station | * | |
| qnap | qts | 4.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15A2CF32-14E5-45BF-A43B-2FE3768390FE",
"versionEndExcluding": "5.2.0.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:5.0.0:*:*:*:*:*:x64:*",
"matchCriteriaId": "E62D198C-6022-48F5-AD92-BB87D2D25342",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FF03B3-0317-482D-B3AF-36B0BB8F5A53",
"versionEndExcluding": "5.2.0.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:5.0.0:*:*:*:*:*:x86:*",
"matchCriteriaId": "7536196C-B372-4437-82DF-369B14E3C52C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCA8E47-638B-4318-8BBB-ED1EC7D7490C",
"versionEndExcluding": "5.1.5.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:x64:*",
"matchCriteriaId": "DC0A8856-836E-4096-A7F4-2AFC4D4763BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A2AC61-B545-4EA7-A7E4-2A2263E47C4A",
"versionEndExcluding": "5.1.5.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:x86:*",
"matchCriteriaId": "64340B53-0403-4EA7-9397-2D1C5882DF18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A2AC61-B545-4EA7-A7E4-2A2263E47C4A",
"versionEndExcluding": "5.1.5.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de desbordamiento del b\u00fafer de la pila que afecta al NAS de QNAP que ejecuta Surveillance Station. Si es explotado, esta vulnerabilidad permite a atacantes ejecutar c\u00f3digo arbitrario. Ya hemos solucionado esta vulnerabilidad en las siguientes versiones de Surveillance Station: QTS versiones 5.0.0 (64 bits): Surveillance Station versiones 5.2.0.4.2 (26/10/2021) y posteriores QTS versiones 5.0.0 (32 bits): Surveillance Station versiones 5.2.0.3.2 (26/10/2021) y posteriores QTS versiones 4.3.6 (64 bits): Surveillance Station versiones 5.1.5.4.6 (26/10/2021) y posteriores QTS versiones 4.3.6 (32 bits): Surveillance Station versiones 5.1.5.3.6 (26/10/2021) y posteriores QTS versiones 4.3.3: Surveillance Station versiones 5.1.5.3.6 (26/10/2021) y posteriores"
}
],
"id": "CVE-2021-38687",
"lastModified": "2024-11-21T06:17:54.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-29T13:15:08.033",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-17 04:15
Modified
2024-11-21 05:25
Severity ?
Summary
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | surveillance_station | * | |
| qnap | surveillance_station | * | |
| qnap | nas | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB076A-4279-4E8E-80C2-D1237B99C4A0",
"versionEndExcluding": "5.1.5.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0928C86-06D9-4FFB-AC70-9BB18DB49956",
"versionEndExcluding": "5.1.5.4.3",
"versionStartIncluding": "5.1.5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:nas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80C76690-809E-4A12-BF56-D713DD49ED27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
},
{
"lang": "es",
"value": "Se ha reportado una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria que afecta a los dispositivos NAS de QNAP que ejecutan Surveillance Station.\u0026#xa0;Si es explotada, esta vulnerabilidad permite a atacantes ejecutar c\u00f3digo arbitrario.\u0026#xa0;QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones: Surveillance Station versiones 5.1.5.4.3 (y posterior) para ARM CPU NAS (SO de 64 bits) y x86 CPU NAS (SO de 64 bits) Surveillance Station versiones 5.1.5.3.3 (y posterior) para ARM CPU NAS (sistema operativo de 32 bits) y CPU NAS x86 (sistema operativo de 32 bits)"
}
],
"id": "CVE-2020-2501",
"lastModified": "2024-11-21T05:25:21.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-17T04:15:12.513",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-14 09:15
Modified
2024-11-21 06:00
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | surveillance_station | * | |
| qnap | surveillance_station | * | |
| qnap | nas | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB076A-4279-4E8E-80C2-D1237B99C4A0",
"versionEndExcluding": "5.1.5.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap:surveillance_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0928C86-06D9-4FFB-AC70-9BB18DB49956",
"versionEndExcluding": "5.1.5.4.3",
"versionStartIncluding": "5.1.5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:nas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80C76690-809E-4A12-BF56-D713DD49ED27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)"
},
{
"lang": "es",
"value": "Se ha reportado una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria que afecta a los dispositivos QNAP NAS que ejecutan Surveillance Station.\u0026#xa0;Si es explotada, esta vulnerabilidad permite a atacantes ejecutar c\u00f3digo arbitrario.\u0026#xa0;QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones: Surveillance Station versiones 5.1.5.4.3 (y posteriores) para ARM CPU NAS (Sistema Operativo de 64 bits) y x86 CPU NAS (Sistema Operativo de 64 bits) Surveillance Station versiones 5.1.5.3.3 (y posteriores) para ARM CPU NAS (Sistema Operativo de 32 bits) y CPU NAS x86 (Sistema Operativo de 32 bits)"
}
],
"id": "CVE-2021-28797",
"lastModified": "2024-11-21T06:00:13.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-14T09:15:13.910",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-07"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}