Qnap Systems Inc Quts Hero vulnerabilities

CVE-2024-50393 [HIGH] CWE-78 CVE-2024-50393: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5

CVE-2024-48865 [HIGH] CWE-295 CVE-2024-48865: An improper certificate validation vulnerability has been reported to affect several QNAP operating An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2

CVE-2024-53691 [HIGH] CWE-59 CVE-2024-53691: A link following vulnerability has been reported to affect several QNAP operating system versions. I A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5

CVE-2024-48868 [HIGH] CWE-93 CVE-2024-48868: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2

CVE-2024-48867 [MEDIUM] CWE-93 CVE-2024-48867: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2

CVE-2024-48859 [MEDIUM] CWE-287 CVE-2024-48859: An improper authentication vulnerability has been reported to affect several QNAP operating system v An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 a

CVE-2024-48866 [LOW] CWE-177 CVE-2024-48866: An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect severa An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.

CVE-2024-50403 [LOW] CWE-134 CVE-2024-50403: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 2

CVE-2024-50402 [LOW] CWE-134 CVE-2024-50402: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 2

CVE-2024-50396 [HIGH] CWE-134 CVE-2024-50396: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2

CVE-2024-50397 [HIGH] CWE-134 CVE-2024-50397: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025

CVE-2024-37043 [MEDIUM] CWE-22 CVE-2024-37043: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 buil

CVE-2024-37041 [MEDIUM] CWE-120 CVE-2024-37041: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu

CVE-2024-37045 [MEDIUM] CWE-476 CVE-2024-37045: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 an

CVE-2024-37050 [MEDIUM] CWE-120 CVE-2024-37050: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu

CVE-2024-37042 [MEDIUM] CWE-476 CVE-2024-37042: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 an

CVE-2024-37048 [MEDIUM] CWE-476 CVE-2024-37048: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 an

CVE-2024-37049 [MEDIUM] CWE-120 CVE-2024-37049: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu

CVE-2024-37044 [MEDIUM] CWE-120 CVE-2024-37044: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu

CVE-2024-37047 [MEDIUM] CWE-120 CVE-2024-37047: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu