QNAP QTS Operating System Vulnerability Affects Multiple Versions
CVE-2024-27124

7.5HIGH

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero; Qutscloud
Vendor: CVE Published:; 26 April 2024

Badges

📰 News Worthy

What is CVE-2024-27124?

An OS command injection vulnerability has been identified in multiple versions of QNAP operating systems, posing a significant risk to users. When exploited by an attacker, this vulnerability enables the execution of arbitrary commands over a network, which could lead to unauthorized access and potential system compromise. Users are strongly advised to upgrade to the patched versions to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QTS 5.1.x < 5.1.3.2578 build 20231110

QTS 4.5.x < 4.5.4.2627 build 20231225

QuTS hero h5.1.x

News Articles

CybersecurityNews

CVE-2024-27124 CVE-2024-32764

Multiple QNAP Vulnerability Let Hackers Hijack Your NAS

QNAP has disclosed multiple vulnerabilities across its NAS systems that could potentially allow hackers to take control of affected devices.

References

https://www.qnap.com/en/security-advisory/qsa-24-09

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

📰
First article discovered by CybersecurityNews
Apr 29, 2024
Vulnerability published
Apr 26, 2024

Credit

ZDI-CAN-22378: Team Viettel

JSON

QNAP

Badges

What is CVE-2024-27124?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

News Articles

Multiple QNAP Vulnerability Let Hackers Hijack Your NAS

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.