Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38686


An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later


Published

2021-11-26T14:15:07.780

Last Modified

2024-11-21T06:17:53.847

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-287

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application qnap qvr < 5.1.6 Yes

References