CVE-2024-21900
published 2024-03-08

Priority: P3 (49)
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 9.41% (94.8th percentile)

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | < 5.1.3.2578 | 5.1.3.2578 |
| qnap | qts | | |
| qnap | quts_hero | < h5.1.3.2578 | h5.1.3.2578 |
| qnap | quts_hero | | |
| qnap | qutscloud | < c5.1.5.2651 | c5.1.5.2651 |
| qnap_systems_inc | qts | >= 5.1.x < 5.1.3.2578 build 20231110 | 5.1.3.2578 build 20231110 |
| qnap_systems_inc | quts_hero | >= h5.1.x < h5.1.3.2578 build 20231110 | h5.1.3.2578 build 20231110 |
| qnap_systems_inc | qutscloud | >= c5.x.x < c5.1.5.2651 | c5.1.5.2651 |