vulnerability

QNAP QTS: CVE-2021-34343: Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Sep 10, 2021	Aug 4, 2025	Oct 16, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Sep 10, 2021

Added

Aug 4, 2025

Modified

Oct 16, 2025

Description

Two stack buffer overflow vulnerabilities have been reported to affect QNAP devices running QTS, QuTS hero, and QuTScloud. If exploited, these vulnerabilities allow attackers to execute arbitrary code. We have already fixed these vulnerabilities in the following versions: QTS 5.0.0.1716 build 20210701 and later QTS 4.5.4.1715 build 20210630 and later QTS 4.3.6.1750 build 20210730 and later QTS 4.3.3.1693 build 20210624 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 and later

Solution

qnap-qts-upgrade-latest

References

CWE-787
CVE-2021-34343
https://attackerkb.com/topics/CVE-2021-34343
URL-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34343
URL-https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-34343
URL-https://www.qnap.com/en-uk/security-advisory/QSA-21-33

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today