QNAP Operating System Vulnerability Affects Authenticated Users
CVE-2024-21900

6.5 MEDIUM

Key Information:

Vendor: QNAP
CVE Published: 8 March 2024

Badges

📰 News Worthy

Summary

An injection vulnerability exists in certain versions of QNAP operating systems, which could enable authenticated users to execute arbitrary commands over the network. This vulnerability affects various versions of QTS, QuTS hero, and QuTScloud, posing significant risks to the security of the systems. Mitigation is available as the issue has been addressed in recent updates. Users are advised to upgrade to the specified secure versions to safeguard their devices against potential exploitation.

Affected Version(s)

QTS 5.1.x < 5.1.3.2578 build 20231110

QuTS hero h5.1.x

QuTScloud c5.x.x

News Articles

CVE-2024-21900 Archives

Vulnerability, March 8, 2024

CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers

QNAP has issued a critical security advisory regarding multiple vulnerabilities impacting their NAS software...

10 months ago

Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes

QNAP has vulnerabilities within systems and applications that allow attackers to compromise system security and execute malicious commands.

10 months ago

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by GBHackers on Security

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZDI-CAN-22493/22494: DEVCORE