CVE-2021-44057

An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later

Published: May 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-44057
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
qnap / photo_station	6.0.0	6.0.20
qnap / photo_station	-	5.4.13
qnap / photo_station	5.6.0	5.7.16

https://www.qnap.com/en/security-advisory/qsa-22-15

Vulnerability Database

291,049

CVE-2021-44057