CVE-2021-38674

Reflected XSS Vulnerability in TFTP

CVSS 4.2 MEDIUMEPSS 0.6%CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.2EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 ene 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Productos afectados

QNAP Systems Inc. · QTS QNAP Systems Inc. · QuTScloud QNAP Systems Inc. · QuTS hero

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.qnap.com/en/security-advisory/qsa-21-63