QNAP QTS Operating System Vulnerability Affects Multiple Versions

CVE-2024-27124

7.5HIGH

Key Information

Vendor: QNAP
Status: Qts; Quts Hero; Qutscloud
Vendor: CVE Published:; 26 April 2024

Badges

📰 News Worthy

Summary

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Affected Version(s)

QTS < 5.1.3.2578 build 20231110

QTS < 4.5.4.2627 build 20231225

QuTS hero < h5.1.x

News Articles

CybersecurityNews

CVE-2024-27124CVE-2024-32764

Multiple QNAP Vulnerability Let Hackers Hijack Your NAS

QNAP has disclosed multiple vulnerabilities across its NAS systems that could potentially allow hackers to take control of affected devices.

7 months ago

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: null to: 7.5 - (HIGH)
Aug 2, 2024
First article discovered by CybersecurityNews
Apr 29, 2024
Vulnerability published.
Apr 26, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

ZDI-CAN-22378: Team Viettel