Server-Side Request Forgery Vulnerability in QuLog Center by QNAP
CVE-2024-53696

5.1MEDIUM

Key Information:

Vendor: QNAP
Status: Qulog Center; Qts; Quts Hero
Vendor: CVE Published:; 7 March 2025

Summary

A server-side request forgery (SSRF) vulnerability in QuLog Center allows remote attackers with administrator access to manipulate server requests, potentially exposing sensitive application data. This exploitation could lead to unauthorized access or data breaches, emphasizing the importance of ensuring that installations are updated to the latest secured versions.

Affected Version(s)

QTS 4.5.x < 4.5.4.2957 build 20241119

QuLog Center 1.7.x.x < 1.7.0.829 ( 2024/10/01 )

QuLog Center 1.8.x.x < 1.8.0.888 ( 2024/10/15 )

References

https://www.qnap.com/en/security-advisory/qsa-24-53

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 7, 2025
Vulnerability Reserved
Nov 22, 2024

Credit

Aymen BORGI and Ibrahim AYADHI from RandoriSec