Qnap Quts Hero vulnerabilities

CVE-2024-53698 [LOW] CWE-415 CVE-2024-53698: A double free vulnerability has been reported to affect several QNAP operating system versions. If e A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 202501

CVE-2024-53699 [LOW] CWE-787 CVE-2024-53699: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2

CVE-2024-53697 [LOW] CWE-787 CVE-2024-53697: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2

CVE-2024-38638 [LOW] CWE-787 CVE-2024-38638: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixed the vulnerability in the following versions: QTS 5.1.

CVE-2022-27600 [HIGH] CWE-400 CVE-2022-27600: An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operatin An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and la

CVE-2024-50393 [HIGH] CWE-78 CVE-2024-50393: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5

CVE-2024-48865 [HIGH] CWE-295 CVE-2024-48865: An improper certificate validation vulnerability has been reported to affect several QNAP operating An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2

CVE-2024-53691 [HIGH] CWE-59 CVE-2024-53691: A link following vulnerability has been reported to affect several QNAP operating system versions. I A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5

CVE-2024-48868 [HIGH] CWE-93 CVE-2024-48868: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2

CVE-2024-48867 [MEDIUM] CWE-93 CVE-2024-48867: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2

CVE-2024-48859 [MEDIUM] CWE-287 CVE-2024-48859: An improper authentication vulnerability has been reported to affect several QNAP operating system v An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 a

CVE-2024-50402 [LOW] CWE-134 CVE-2024-50402: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 2

CVE-2024-48866 [LOW] CWE-177 CVE-2024-48866: An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect severa An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.

CVE-2024-50403 [LOW] CWE-134 CVE-2024-50403: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 2

CVE-2024-50396 [HIGH] CWE-134 CVE-2024-50396: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2

CVE-2024-50397 [HIGH] CWE-134 CVE-2024-50397: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025

CVE-2024-37043 [MEDIUM] CWE-22 CVE-2024-37043: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 buil

CVE-2024-37041 [MEDIUM] CWE-120 CVE-2024-37041: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu

CVE-2024-37050 [MEDIUM] CWE-120 CVE-2024-37050: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu

CVE-2024-37044 [MEDIUM] CWE-120 CVE-2024-37044: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu