QNAP QTS Operating System Vulnerability Affects Multiple Versions

CVE-2024-27124

7.5HIGH

Key Information

Vendor
QNAP
Status
Qts
Quts Hero
Qutscloud
Vendor
CVE Published:
26 April 2024

Badges

đź“° News Worthy

Summary

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Affected Version(s)

QTS < 5.1.3.2578 build 20231110

QTS < 4.5.4.2627 build 20231225

QuTS hero < h5.1.x

News Articles

Multiple QNAP Vulnerability Let Hackers Hijack Your NAS

QNAP has disclosed multiple vulnerabilities across its NAS systems that could potentially allow hackers to take control of affected devices.

8 months ago

Refferences

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • First article discovered by CybersecurityNews

  • Vulnerability published

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

ZDI-CAN-22378: Team Viettel
.