CVE-2021-38693

Path Traversal in thttpd

CVSS 5.3 MEDIUMEPSS 0.9%CWE-22

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 may 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

QNAP Systems Inc. · QTS QNAP Systems Inc. · QuTScloud QNAP Systems Inc. · QuTS hero

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.qnap.com/en/security-advisory/qsa-22-13