QNAP QTS Operating System Vulnerability Affects Multiple Versions
CVE-2024-27124

7.5HIGH

Key Information:

Vendor
QNAP
Status
Qts
Quts Hero
Qutscloud
Vendor
CVE Published:
26 April 2024

Badges

πŸ“° News Worthy

Summary

An OS command injection vulnerability has been identified in multiple versions of QNAP operating systems, posing a significant risk to users. When exploited by an attacker, this vulnerability enables the execution of arbitrary commands over a network, which could lead to unauthorized access and potential system compromise. Users are strongly advised to upgrade to the patched versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

QTS 5.1.x < 5.1.3.2578 build 20231110

QTS 4.5.x < 4.5.4.2627 build 20231225

QuTS hero h5.1.x

News Articles

favicon imageCybersecurityNews

Multiple QNAP Vulnerability Let Hackers Hijack Your NAS

QNAP has disclosed multiple vulnerabilities across its NAS systems that could potentially allow hackers to take control of affected devices.

9 months ago

References

https://www.qnap.com/en/security-advisory/qsa-24-09

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by CybersecurityNews

  • Vulnerability published

Credit

ZDI-CAN-22378: Team Viettel
.