Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-38686: Improper Authentication Vulnerability in QVR - Security Advisory

An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later

CVE
#vulnerability#ios

<< Back to Security Advisory List

  • Release date: November 26, 2021
  • Security ID: QSA-21-52
  • Severity: High
  • CVE identifier: CVE-2021-38686
  • Affected products: QNAP VS Series NVR
  • Status: Resolved

Summary

An improper authentication vulnerability has been reported to affect QNAP VS Series NVR running QVR. If exploited, this vulnerability allows attackers to compromise the security of the system.

We have already fixed the vulnerability in the following versions of QVR:

  • QVR 5.1.6 build 20211109 and later

Recommendation

To secure your device, we strongly recommend updating your system to the latest version to benefit from vulnerability fixes.

Updating QVR

  1. Log on to QVR as administrator.
  2. Go to Control Panel > System Settings > Firmware Update.
  3. Select the Firmware Update tab.
  4. Click Browse… to upload the latest firmware file.
    Tip: Download the latest firmware file for your specific device from https://www.qnapsecurity.com/n/en/product_x_down/.
  5. Click Update System.
    QVR installs the updates.

Acknowledgements: JPCERT/CC

Revision History: V1.0 (November 26, 2021) - Published

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda