https://www.qnap.com/en/security-advisory/qsa-21-33

QNAP Systems, Inc. CWE-787

QNAP Systems, Inc. CWE-120

CWE-120 / More specific CWE option available

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST (AV:N/AC:L/Au:S/C:P/I:P/A:P)

NIST CWE-787

OR
     *cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* versions up to (excluding) 4.3.3.1693
     *cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* versions from (including) 4.3.4 up to (excluding) 4.3.6.1750
     *cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* versions from (including) 4.4.0 up to (excluding) 4.5.4.1715
     *cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (excluding) 5.0.0.1716
     *cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* versions up to (excluding) h4.5.4.1771
     *cpe:2.3:o:qnap:qutsc

https://www.qnap.com/en/security-advisory/qsa-21-33 No Types Assigned

https://www.qnap.com/en/security-advisory/qsa-21-33 Vendor Advisory

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code.
We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero:
QTS 4.5.4.1715 build 20210630 and later
QTS 5.0.0.1716 build 20210701 and later
QTS 4.3.3.1693 build 20210624 and later
QTS 4.3.6.1750 build 20210730 and later
QuTScloud c4.5.6.1755 and later
QuTS hero h4.5.4.1771

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QTS 4.3.3.1693 build 20210624 and later QTS 4.3.6.1750 build 20210730 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771