Out-of-Bounds Write Vulnerability in QNAP Operating Systems
CVE-2024-38638

2.1LOW

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero
Vendor: CVE Published:; 7 March 2025

What is CVE-2024-38638?

An out-of-bounds write vulnerability has been identified in several QNAP operating system versions, allowing potential exploitation by remote attackers with administrator access. This flaw could enable them to modify or corrupt memory, raising significant security concerns for affected users. Users are encouraged to upgrade to QTS 5.1.9.2954 build 20241120 or later, and QuTS hero h5.1.9.2954 build 20241120 or later to mitigate this risk. Immediate attention to these updates is crucial for maintaining system integrity.

Affected Version(s)

QTS 5.1.x < 5.1.9.2954 build 20241120

QuTS hero h5.1.x

QTS 5.2.x

References

https://www.qnap.com/en/security-advisory/qsa-24-52

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2025
Vulnerability Reserved
Jun 19, 2024

Credit

leeya_bug