QNAP QTS Operating System Vulnerability Affects Multiple Versions
CVE-2024-27124
7.5HIGH
Key Information
- Vendor
- QNAP
- Status
- Qts
- Quts Hero
- Qutscloud
- Vendor
- CVE Published:
- 26 April 2024
Badges
đź“° News Worthy
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
Affected Version(s)
QTS < 5.1.3.2578 build 20231110
QTS < 4.5.4.2627 build 20231225
QuTS hero < h5.1.x
News Articles
Refferences
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
First article discovered by CybersecurityNews
Vulnerability published
Collectors
NVD DatabaseMitre Database1 News Article(s)
Credit
ZDI-CAN-22378: Team Viettel