CVE-2021-44052 : An improper link resolution before file access ('Link Following') vulnerability

An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later

Published 2022-05-05 17:15:10

Updated 2023-11-14 19:26:49

Source QNAP Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2021-44052

Qnap » QTS
Versions from including (>=) 4.3.4.0899 and before (<) 4.3.4.1976
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Matching versions
Qnap » QTS
Versions from including (>=) 4.3.6.0895 and before (<) 4.3.6.1965
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Matching versions
Qnap » QTS
Versions from including (>=) 4.3.3.0174 and before (<) 4.3.3.1945
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Matching versions
Qnap » QTS
Versions from including (>=) 4.4.0.0883 and before (<) 4.5.4.1991
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20170517
cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20190322
cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20190730
cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20190921
cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20191107
cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20200109
cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20200421
cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20200611
cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20200821
cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20210327
cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 4.2.6 Update Build 20211215
cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero
Versions from including (>=) h5.0.0.1772 and before (<) h5.0.0.1986
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero
Versions before (<) h4.5.4.1771
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Matching versions
Qnap » Qutscloud
Versions before (<) c5.0.1.1998
cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*
Matching versions
Qnap » QTS
Versions from including (>=) 5.0.0.1716 and before (<) 5.0.0.1986
cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-44052

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-44052

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	2.8	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	QNAP Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2021-44052

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Assigned by:
- nvd@nist.gov (Primary)
- security@qnapsecurity.com.tw (Secondary)

References for CVE-2021-44052

https://www.qnap.com/en/security-advisory/qsa-22-16

Multiple Vulnerabilities in QTS, QuTS hero, and QuTScloud - Security Advisory | QNAP
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-44052

Products affected by CVE-2021-44052

Exploit prediction scoring system (EPSS) score for CVE-2021-44052

CVSS scores for CVE-2021-44052

CWE ids for CVE-2021-44052

References for CVE-2021-44052