Security ID : QSA-21-36
Stack-Based Buffer Overflow Vulnerabilities in NVR Storage Expansion
Release date : September 10, 2021
CVE identifier : CVE-2021-34345 | CVE-2021-34346
Affected products: QNAP NAS running NVR Storage Expansion
Severity
Critical
Status
Resolved
Summary
Two stack-based buffer overflow vulnerabilities have been reported to affect QNAP NAS running NVR Storage Expansion. If exploited, these vulnerabilities allow attackers to execute arbitrary code.
We have already fixed the vulnerabilities in the following versions:
- NVR Storage Expansion 1.0.6 (2021/08/03) and later
Recommendation
To fix the vulnerabilities, we recommend updating NVR Storage Expansion to the latest version.
Updating NVR Storage Expansion
- Log on to QTS as administrator.
- Open the App Center and then click
.
A search box appears. - Type “NVR Storage Expansion” and then press ENTER.
NVR Storage Expansion appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your NVR Storage Expansion is already up to date. - Click OK.
The application is updated.
Acknowledgements: crixer
Revision History: V1.0 (September 10, 2021) - Published
