CVE-2021-34345: Stack Based Overflow Vulnerability in NVR Storage Expansion
First published: Fri Sep 10 2021(Updated: )
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qnap EJ1600 | <1.0.6 | |
| Qnap Ej1600 Firmware | ||
| QNAP TL-R1620SDC | <1.0.6 | |
| Qnap Tl-r1620sdc Firmware | ||
| Qnap TL-R1220SEP-RP | <1.0.6 | |
| Qnap TL-R1620SEP-RP Firmware | ||
| Qnap TL-R1220SEP-RP | <1.0.6 | |
| Qnap Tl-r1220sep-rp Firmware | ||
| Qnap Tl-d1600s Firmware | <1.0.6 | |
| Vsolcn V1600d | ||
| Qnap TL-D800S | <1.0.6 | |
| Qnap TL-D800S Firmware | ||
| Qnap Tl-d400s Firmware | <1.0.6 | |
| Qnap TL-D400S | ||
| Qnap TL-R1200S-RP Firmware | <1.0.6 | |
| Qnap TL-R1200S-RP Firmware | ||
| Qnap TL-R400S | <1.0.6 | |
| Qnap TL-R400S | ||
| Qnap Tl-r1200c-rp Firmware | <1.0.6 | |
| Qnap Tl-r1200c-rp Firmware | ||
| Qnap TL-D800C | <1.0.6 | |
| Qnap TL-D800C Firmware | ||
| Qnap TR-004 | <1.0.6 | |
| Qnap TR-004U | ||
| Qnap TR-002 Firmware | <1.0.6 | |
| Qnap TR-002 Firmware | ||
| Qnap TR-004U Firmware | <1.0.6 | |
| Qnap TR-004U Firmware |
Remedy
We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-34345?
The severity of CVE-2021-34345 is critical due to its potential to allow attackers to execute arbitrary code.
How do I fix CVE-2021-34345?
To fix CVE-2021-34345, update NVR Storage Expansion to version 1.0.6 or later.
Which QNAP devices are affected by CVE-2021-34345?
CVE-2021-34345 affects specific QNAP devices running NVR Storage Expansion with firmware versions earlier than 1.0.6.
What is a stack buffer overflow in the context of CVE-2021-34345?
In CVE-2021-34345, a stack buffer overflow is a vulnerability that enables attackers to overwrite stack memory, potentially leading to arbitrary code execution.
Can CVE-2021-34345 be exploited remotely?
Yes, CVE-2021-34345 can be exploited remotely, allowing attackers to compromise the affected QNAP devices.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qnap
- canonical/qnap ej1600
- canonical/qnap ej1600 firmware
- canonical/qnap tl-r1620sdc
- canonical/qnap tl-r1620sdc firmware
- canonical/qnap tl-r1220sep-rp
- canonical/qnap tl-r1620sep-rp firmware
- canonical/qnap tl-r1220sep-rp firmware
- canonical/qnap tl-d1600s firmware
- canonical/vsolcn v1600d
- canonical/qnap tl-d800s
- canonical/qnap tl-d800s firmware
- canonical/qnap tl-d400s firmware
- canonical/qnap tl-d400s
- canonical/qnap tl-r1200s-rp firmware
- canonical/qnap tl-r400s
- canonical/qnap tl-r1200c-rp firmware
- canonical/qnap tl-d800c
- canonical/qnap tl-d800c firmware
- canonical/qnap tr-004
- canonical/qnap tr-004u
- canonical/qnap tr-002 firmware
- canonical/qnap tr-004u firmware