Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-38687
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Stack Overflow Vulnerability in Surveillance Station
Source: NVD (National Vulnerability Database)
Vulnerability Description
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
QNAP NAS 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
QNAP NAS是中国威联通科技(QNAP)公司的一个可访问且快速的存储解决方案。 QNAP NAS Surveillance Station 存在缓冲区错误漏洞,该漏洞源于软件处理请求时的边界错误而存在的。未经身份验证的远程攻击者可利用该漏洞可以向系统发送专门的请求,触发基于堆栈的缓冲区溢出,并在目标系统上执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
QNAP Systems Inc.Surveillance Station unspecified ~ 5.2.0.4.2 ( 2021/10/26 ) -
QNAP Systems Inc.Surveillance Station unspecified ~ 5.2.0.3.2 ( 2021/10/26 ) -
QNAP Systems Inc.Surveillance Station unspecified ~ 5.1.5.4.6 ( 2021/10/26 ) -
QNAP Systems Inc.Surveillance Station unspecified ~ 5.1.5.3.6 ( 2021/10/26 ) -
QNAP Systems Inc.Surveillance Station unspecified ~ 5.1.5.3.6 ( 2021/10/26 ) -
II. Public POCs for CVE-2021-38687
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-38687
Please Login to view more intelligence information
New Vulnerabilities
Product: Surveillance Station
Vendor: QNAP Systems Inc.
Same weakness: CWE-120
V. Comments for CVE-2021-38687

No comments yet

Leave a comment