Path traversal in QNAP QTS, QuTS hero and QuTScloud



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-38693
CWE-ID CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
QNAP QTS
Server applications / File servers (FTP/HTTP)

QuTS hero
Hardware solutions / Firmware

QuTScloud
Operating systems & Components / Operating system

Vendor QNAP Systems, Inc.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Path traversal

EUVDB-ID: #VU62837

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-38693

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in thttpd. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QNAP QTS: before

QuTS hero: before h4.5.4.1951 Build 20220218

QuTScloud: before c5.0.1.1949

CPE2.3 External links

https://www.qnap.com/en/security-advisory/qsa-22-13


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###