Request a Demo
Rewterz
Rewterz Threat Alert – Lazarus APT Group – Active IOCs
November 29, 2021
Rewterz
Rewterz Threat Advisory – Multiple WordPress Vulnerabilities
November 30, 2021

Rewterz Threat Advisory – Multiple QNAP QVR Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-38686 

QNAP QVR could allow a remote attacker to bypass security restrictions, caused by improper authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to compromise the security of the system.

CVE-2021-38685 

QNAP QVR could allow a remote attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

  • Security Bypass
  • Command Execution

Affected Vendors

QNAP

Affected Products

  • QNAP QVR

Remediation

Refer to QNAP QVR for patch, upgrade, or suggested workaround information.

CVE-2021-38686

https://www.qnap.com/en/security-advisory/qsa-21-52

CVE-2021-38685

https://www.qnap.com/en/security-advisory/qsa-21-51