NULL Pointer Dereference Vulnerability in QNAP Operating Systems
CVE-2024-37042

Currently unrated

Key Information:

Vendor: QNAP
Status: QNAP Operating System
Vendor: CVE Published:; 22 November 2024

Summary

A NULL pointer dereference vulnerability has been identified in multiple versions of the QNAP operating system, which may allow remote attackers with administrator-level access to execute denial-of-service (DoS) attacks. This flaw can disrupt the normal functioning of the system, leading to potential downtime and unavailability of services. QNAP has released fixes in QTS 5.2.1.2930 build 20241025 and later, as well as QuTS hero h5.2.1.2929 build 20241025 and later to address this issue.

References

https://www.qnap.com/en/security-advisory/qsa-24-43

Timeline

Vulnerability published
Nov 22, 2024