CVE-2024-21900

CWE-743 documents3 sources

Severity

6.5MEDIUM

EPSS

8.8%

top 7.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. QTS Qnap Systems Inc. Quts Hero Qnap Systems Inc. Qutscloud +3 more

Timeline

PublishedMar 8

Description

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶CVEListV5qnap_systems_inc./quts_heroh5.1.x — h5.1.3.2578 build 20231110

▶CVEListV5qnap_systems_inc./qutscloudc5.x.x — c5.1.5.2651

▶NVDqnap/quts_hero< h5.1.3.2578+1

▶NVDqnap/qutscloud< c5.1.5.2651

▶CVEListV5qnap_systems_inc./qts5.1.x — 5.1.3.2578 build 20231110

🔴Vulnerability Details

GHSA

GHSA-hx9j-hf4h-q659: An injection vulnerability has been reported to affect several QNAP operating system versions↗2024-03-08

▶

CVEList

QTS, QuTS hero, QuTScloud↗2024-03-08

▶