Security ID: QSA-21-45 Title: Stack Buffer Overflow Vulnerability in Multimedia Console Release Date: November 12, 2021 CVE Identifier: CVE-2021-38684 Affected Products: QNAP NAS running Multimedia Console Severity: Important Status: Resolved Summary A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. The vulnerability has been fixed in Multimedia Console versions 1.4.3 and later (released 2021/10/05) and 1.5.3 and later (released 2021/10/05). Recommendation Update Multimedia Console: Follow the provided steps to update Multimedia Console to the latest version. Revision History V1.0 (November 12, 2021): Published V1.1 (November 15, 2021): Add information for Multimedia Console 1.5.3