Out-of-Bounds Write Vulnerability in QNAP Operating Systems
CVE-2024-53697

2.1LOW

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero
Vendor: CVE Published:; 7 March 2025

What is CVE-2024-53697?

An out-of-bounds write vulnerability has been identified in several versions of the QNAP operating system. This issue enables remote attackers, with administrative privileges, to modify or corrupt memory, potentially compromising system integrity. Affected users are urged to upgrade to QTS 5.2.3.3006 build 20250108 or later, as well as QuTS hero h5.2.3.3006 build 20250108 or later, to mitigate this risk. For further details, refer to the security advisory.

Affected Version(s)

QTS 5.2.x < 5.2.3.3006 build 20250108

QuTS hero h5.2.x

References

https://www.qnap.com/en/security-advisory/qsa-24-54

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2025
Vulnerability Reserved
Nov 22, 2024

Credit

binhnt