February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Lazarus APT Group – Active IOCs
November 29, 2021Rewterz Threat Advisory – Multiple WordPress Vulnerabilities
November 30, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
November 29, 2021Rewterz Threat Advisory – Multiple WordPress Vulnerabilities
November 30, 2021
Severity
High
Analysis Summary
CVE-2021-38686
QNAP QVR could allow a remote attacker to bypass security restrictions, caused by improper authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to compromise the security of the system.
CVE-2021-38685
QNAP QVR could allow a remote attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Security Bypass
- Command Execution
Affected Vendors
QNAP
Affected Products
- QNAP QVR
Remediation
Refer to QNAP QVR for patch, upgrade, or suggested workaround information.
CVE-2021-38686
CVE-2021-38685