Remote Memory Manipulation Flaw in QNAP Operating Systems
CVE-2024-53698

2.1LOW

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero
Vendor: CVE Published:; 7 March 2025

Summary

A double free vulnerability has been identified in multiple versions of the QNAP operating system. This security issue could potentially enable remote attackers with administrator access to make unauthorized modifications to system memory, leading to severe security risks. A fix has been implemented in QTS and QuTS hero versions 5.2.3.3006 build 20250108 and later, emphasizing the importance of updating to these versions to safeguard against exploitation.

Affected Version(s)

QTS 5.2.x < 5.2.3.3006 build 20250108

QuTS hero h5.2.x

References

https://www.qnap.com/en/security-advisory/qsa-24-54

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 7, 2025
Vulnerability Reserved
Nov 22, 2024

Credit

binhnt