CVE-2021-38688 HIGH

CVE-2021-38688: Improper Authentication in Qfile

Vendor Qnap Systems Inc.
Product Qfile
Weakness CWE-287 · Improper authentication
Published December 29, 2021
Last update September 16, 2024

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed this vulnerability in the following versions of Qfile: Qfile 3.0.0.1105 and later

Key dates

02Disclosure timeline

December 29, 2021 CVE published
September 16, 2024 Record updated