CVE-2021-38678
Severity CVSS v4.0:
Pending analysis
Type:
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
14/01/2022
Last modified:
19/01/2022
Description
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:qnap:qcalagent:*:*:*:*:*:*:*:* | 1.1.7 (excluding) |
To consult the complete list of CPE names with products and versions, see this page