What is CVE-2021-34362?

CVE-2021-34362 is a command injection vulnerability that affects QNAP devices running Media Streaming add-on.

How does CVE-2021-34362 impact QNAP devices?

If exploited, CVE-2021-34362 allows remote attackers to run arbitrary commands on affected QNAP devices.

Which versions of Media Streaming add-on are affected by CVE-2021-34362?

Media Streaming add-on versions up to and excluding 500.0.0.3 are affected by CVE-2021-34362.

How can I fix CVE-2021-34362?

To fix CVE-2021-34362, ensure that you have updated Media Streaming add-on version 500.0.0.3 or later.

Where can I find more information about CVE-2021-34362?

You can find more information about CVE-2021-34362 in the QNAP Security Advisory QSA-21-44.

Vulnerability/
CVE-2021-34362

high

8.7

CWE

77 78

22/10/2021

16/9/2024

CVE-2021-34362: Command Injection Vulnerability in Media Streaming Add-on

First published: Fri Oct 22 2021(Updated: )

A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
Qnap Media Streaming Add-on	<500.0.0.3
QNAP QTS	=4.5.4
QNAP QTS	=5.0.0
Qnap Media Streaming Add-on	<430.1.8.12
QNAP QTS	=4.3.3
QNAP QTS	=4.3.6
QNAP QuTS hero	=h4.5.4
QNAP QuTS hero	=h5.0.0

Remedy

We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-21-44

Frequently Asked Questions

What is CVE-2021-34362?
CVE-2021-34362 is a command injection vulnerability that affects QNAP devices running Media Streaming add-on.
How does CVE-2021-34362 impact QNAP devices?
If exploited, CVE-2021-34362 allows remote attackers to run arbitrary commands on affected QNAP devices.
Which versions of Media Streaming add-on are affected by CVE-2021-34362?
Media Streaming add-on versions up to and excluding 500.0.0.3 are affected by CVE-2021-34362.
How can I fix CVE-2021-34362?
To fix CVE-2021-34362, ensure that you have updated Media Streaming add-on version 500.0.0.3 or later.
Where can I find more information about CVE-2021-34362?
You can find more information about CVE-2021-34362 in the QNAP Security Advisory QSA-21-44.

agent/weakness
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/references
agent/author
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/remedy
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
vendor/qnap
canonical/qnap media streaming add-on
canonical/qnap qts
version/qnap qts/4.5.4
version/qnap qts/5.0.0
version/qnap qts/4.3.3
version/qnap qts/4.3.6
canonical/qnap quts hero
version/qnap quts hero/h4.5.4
version/qnap quts hero/h5.0.0