QNAP QTS Vulnerability: Arbitrary Authentication Attempts Allowed

CVE-2024-32771

2.4LOW

Key Information

Vendor: QNAP
Status: Qts; Quts Hero; Qutscloud
Vendor: CVE Published:; 6 September 2024

Summary

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Affected Version(s)

QTS < 5.2.0.2782 build 20240601

QTS >= 5.0.x

QTS >= 4.5.x

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 6, 2024
Vulnerability Reserved.
Apr 18, 2024

Collectors

NVD DatabaseMitre Database

Credit

Aliz Hammond of watchTowr