CVE-2020-2501

CRITICAL

Qnap Surveillance Station < 5.1.5.3.3 - Out-of-Bounds Write

Title source: rule

Description

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)

Exploits (1)

nomisec WRITEUP 1 stars

by Alonzozzz · poc

https://github.com/Alonzozzz/alonzzzo

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-21-07

Scores

CVSS v3 9.8

EPSS 0.0376

EPSS Percentile 88.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

qnap/surveillance_station < 5.1.5.3.3

Published Feb 17, 2021

Tracked Since Feb 18, 2026