CVE-2021-38678: Open Redirect Vulnerability in QcalAgent
First published: Fri Jan 14 2022(Updated: )
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qnap Qcalagent | <1.1.7 |
Remedy
We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38678?
CVE-2021-38678 is an open redirect vulnerability that affects QNAP devices running QcalAgent.
What is the severity of CVE-2021-38678?
The severity of CVE-2021-38678 is medium, with a CVSS score of 6.1.
How does CVE-2021-38678 impact QNAP devices running QcalAgent?
CVE-2021-38678 allows attackers to redirect users to an untrusted page containing malware.
Has QNAP already fixed CVE-2021-38678?
Yes, QNAP has fixed CVE-2021-38678 in the QcalAgent version 1.1.7 and above.
Where can I find more information about CVE-2021-38678?
You can find more information about CVE-2021-38678 in the QNAP Security Advisory QSA-21-60.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/title
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/qnap
- canonical/qnap qcalagent