QNAP QTS Vulnerability: Arbitrary Authentication Attempts Allowed
CVE-2024-32771

2.4LOW

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero; Qutscloud
Vendor: CVE Published:; 6 September 2024

Summary

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected.

We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Affected Version(s)

QTS 5.1.x < 5.2.0.2782 build 20240601

QuTS hero h5.1.x

QTS 5.0.x

References

https://www.qnap.com/en/security-advisory/qsa-24-28

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Aliz Hammond of watchTowr