CVE-2021-34346 CRITICAL

CVE-2021-34346: Stack Based Overflow Vulnerability in NVR Storage Expansion

Vendor Qnap Systems Inc.
Product NVR Storage Expansion
Weakness CWE-787
Published September 10, 2021
Last update September 16, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later

Key dates

02Disclosure timeline

September 10, 2021 CVE published
September 16, 2024 Record updated