CVE-2024-53691: Link Following in Qnap Systems INC QTS

CWE-59: Link Following | 6 documents | 4 sources

Severity: 8.7 HIGH (NVD)
EPSS: 48.9% (top 2.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 6 | Latest update Jan 29

Description

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.

We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QTS 5.2.0.2802 build 20240620 and later
QuTS hero h5.1.8.2823 build 20240712 and later
QuTS hero h5.2.0.2802 build 20240620 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (4 packages)

CVEListV5 | qnap_systems_inc/quts_hero | h5.1.x | h5.1.8.2823 build 20240712 | +1
NVD | qnap/quts_hero | 17 versions | +16
CVEListV5 | qnap_systems_inc/qts | 5.1.x | 5.1.8.2823 build 20240712 | +1
NVD | qnap/qts | 16 versions | +15

🔴 Vulnerability Details (2)

CVEList | QTS, QuTS hero | 2024-12-06
GHSA | GHSA-6hfr-hxpf-c7m6: A link following vulnerability has been reported to affect several QNAP operating system versions | 2024-12-06

🔍 Detection Rules (3)

Suricata | ET WEB_SPECIFIC_APPS QNAP QTS/QuTS File Upload (CVE-2024-53691) | 2025-01-29
Suricata | ET WEB_SPECIFIC_APPS QNAP QTS/QuTS Decrypt File (CVE-2024-53691) | 2025-01-29
Suricata | ET WEB_SPECIFIC_APPS QNAP QTS/QuTS Unpack File (CVE-2024-53691) | 2025-01-29