CVE-2021-38674 MEDIUM

CVE-2021-38674: Reflected XSS Vulnerability in TFTP

Vendor Qnap Systems Inc.

Product QuTS hero

Weakness CWE-79 · XSS

Published January 7, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

4.2/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later

Key dates

02Disclosure timeline

January 7, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-38674

Related vulnerabilities

Identifiers

CVE CVE-2021-38674

CWE CWE-79

CVSS 4.2 / MEDIUM

Affected versions

Vendor Qnap Systems Inc.

Product QuTS hero

Affected ≥ unspecified and < h4.5.4.1771 build 20210825

Vendor Qnap Systems Inc.

Product QTS

Affected ≥ unspecified and < 4.5.4.1787 build 20210910

Vendor Qnap Systems Inc.

Product QuTScloud

Affected ≥ unspecified and < c4.5.7.1864

CVE-2021-38674: Reflected XSS Vulnerability in TFTP

01Description

02Disclosure timeline

03References

04Related CVE