CVE-2021-38691: Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard
First published: Fri Jan 14 2022(Updated: )
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qnap Qvr Elite | <2.1.4.0 | |
| Qnap Qvr Guard | <2.1.3.0 | |
| Qnap Qvr Pro | <2.1.3.0 |
Remedy
We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability CVE-2021-38691?
CVE-2021-38691 is a stack buffer overflow vulnerability affecting QNAP devices running QVR Elite, QVR Pro, and QVR Guard.
How does the CVE-2021-38691 vulnerability affect QNAP devices?
If exploited, the CVE-2021-38691 vulnerability allows attackers to execute arbitrary code on QNAP devices running QVR Elite, QVR Pro, and QVR Guard.
Which versions of QVR Elite are affected by the CVE-2021-38691 vulnerability?
Versions up to and excluding 2.1.4.0 of QVR Elite are affected by the CVE-2021-38691 vulnerability.
Which versions of QVR Guard are affected by the CVE-2021-38691 vulnerability?
Versions up to and excluding 2.1.3.0 of QVR Guard are affected by the CVE-2021-38691 vulnerability.
Which versions of QVR Pro are affected by the CVE-2021-38691 vulnerability?
Versions up to and excluding 2.1.3.0 of QVR Pro are affected by the CVE-2021-38691 vulnerability.
How severe is the CVE-2021-38691 vulnerability?
The CVE-2021-38691 vulnerability has a severity rating of 9.8, which is considered critical.
How can I fix the CVE-2021-38691 vulnerability?
To fix the CVE-2021-38691 vulnerability, you should update QVR Elite, QVR Pro, and QVR Guard to the following versions: QuTS ...
Where can I find more information about the CVE-2021-38691 vulnerability?
You can find more information about the CVE-2021-38691 vulnerability at the following link: https://www.qnap.com/en/security-advisory/qsa-21-59
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/tags
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- vendor/qnap
- canonical/qnap qvr elite
- canonical/qnap qvr guard
- canonical/qnap qvr pro