Refine your search
14 vulnerabilities found for quts_hero by qnap
CVE-2024-53696 (GCVE-0-2024-53696)
Vulnerability from nvd
Published
2025-03-07 16:13
Modified
2025-03-07 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
QTS 4.5.4.2957 build 20241119 and later
QuTS hero h4.5.4.2956 build 20241119 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QuLog Center |
Version: 1.7.x.x < 1.7.0.829 ( 2024/10/01 ) Version: 1.8.x.x < 1.8.0.888 ( 2024/10/15 ) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T17:54:00.666580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T17:54:11.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QuLog Center",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.7.0.829 ( 2024/10/01 )",
"status": "affected",
"version": "1.7.x.x",
"versionType": "custom"
},
{
"lessThan": "1.8.0.888 ( 2024/10/15 )",
"status": "affected",
"version": "1.8.x.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.5.4.2957 build 20241119",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h4.5.4.2956 build 20241119",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aymen BORGI and Ibrahim AYADHI from RandoriSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003eQTS 4.5.4.2957 build 20241119 and later\u003cbr\u003eQuTS hero h4.5.4.2956 build 20241119 and later\u003cbr\u003e"
}
],
"value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:13:55.595Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-53"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003eQTS 4.5.4.2957 build 20241119 and later\u003cbr\u003eQuTS hero h4.5.4.2956 build 20241119 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
}
],
"source": {
"advisory": "QSA-24-53",
"discovery": "EXTERNAL"
},
"title": "QuLog Center",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2024-53696",
"datePublished": "2025-03-07T16:13:55.595Z",
"dateReserved": "2024-11-22T06:21:49.206Z",
"dateUpdated": "2025-03-07T17:54:11.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27600 (GCVE-0-2022-27600)
Vulnerability from nvd
Published
2024-12-19 01:39
Modified
2024-12-20 17:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2277 and later
QTS 4.5.4.2280 build 20230112 and later
QuTS hero h5.0.1.2277 build 20230112 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.0.x < 5.0.1.2277 Version: 4.5.x < 4.5.4.2280 build 20230112 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T16:45:14.667432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:41:53.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.0.1.2277",
"status": "affected",
"version": "5.0.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2280 build 20230112",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.0.1.2277 build 20230112",
"status": "affected",
"version": "h5.0.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2374 build 20230417",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.0.1.2374",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "huasheng_mangguo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.0.1.2277 and later\u003cbr\u003eQTS 4.5.4.2280 build 20230112 and later\u003cbr\u003eQuTS hero h5.0.1.2277 build 20230112 and later\u003cbr\u003eQuTS hero h4.5.4.2374 build 20230417 and later\u003cbr\u003eQuTScloud c5.0.1.2374 and later\u003cbr\u003e"
}
],
"value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212"
}
]
},
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554"
}
]
},
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-798",
"description": "CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T01:39:38.167Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-09"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.0.1.2277 and later\u003cbr\u003eQTS 4.5.4.2280 build 20230112 and later\u003cbr\u003eQuTS hero h5.0.1.2277 build 20230112 and later\u003cbr\u003eQuTS hero h4.5.4.2374 build 20230417 and later\u003cbr\u003eQuTScloud c5.0.1.2374 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later"
}
],
"source": {
"advisory": "QSA-23-09",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2022-27600",
"datePublished": "2024-12-19T01:39:38.167Z",
"dateReserved": "2022-03-21T22:02:33.327Z",
"dateUpdated": "2024-12-20T17:41:53.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32765 (GCVE-0-2024-32765)
Vulnerability from nvd
Published
2024-08-09 17:09
Modified
2024-08-09 18:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.1.8.2823 build 20240712 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T18:19:29.934392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T18:20:43.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.8.2823 build 20240712",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.8.2823 build 20240712",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI-CAN-22458 - Team ECQ"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been reported to affect Network \u0026amp; Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.8.2823 build 20240712 and later\u003cbr\u003eQuTS hero h5.1.8.2823 build 20240712 and later\u003cbr\u003e"
}
],
"value": "A vulnerability has been reported to affect Network \u0026 Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-291",
"description": "CWE-291",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T17:09:46.468Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.8.2823 build 20240712 and later\u003cbr\u003eQuTS hero h5.1.8.2823 build 20240712 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later"
}
],
"source": {
"advisory": "QSA-24-14",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2024-32765",
"datePublished": "2024-08-09T17:09:46.468Z",
"dateReserved": "2024-04-18T08:14:16.553Z",
"dateUpdated": "2024-08-09T18:20:43.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32766 (GCVE-0-2024-32766)
Vulnerability from nvd
Published
2024-04-26 15:00
Modified
2024-08-02 02:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.1.3.2578 build 20231110 Version: 4.5.x < 4.5.4.2627 build 20231225 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:qnap:qts:5.1.x:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"lessThan": "5.1.3.2578 build 20231110 ",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qnap:quts_hero:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quts_hero",
"vendor": "qnap",
"versions": [
{
"lessThan": "h5.1.3.2578 build 20231110 ",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qutscloud",
"vendor": "qnap",
"versions": [
{
"lessThan": "c5.1.5.2651 ",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:qnap:qts:4.5.x:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"lessThan": "4.5.4.2627 build 20231225",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qnap:quts_hero:h4.5.x:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quts_hero",
"vendor": "qnap",
"versions": [
{
"lessThan": "h4.5.4.2626 build 20231225 ",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:26:16.123877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:14.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.3.2578 build 20231110",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2627 build 20231225",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.3.2578 build 20231110",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2626 build 20231225",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI-CAN-22495: Team Orca"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T15:00:43.258Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"source": {
"advisory": "QSA-24-09",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2024-32766",
"datePublished": "2024-04-26T15:00:43.258Z",
"dateReserved": "2024-04-18T08:14:16.553Z",
"dateUpdated": "2024-08-02T02:20:35.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27124 (GCVE-0-2024-27124)
Vulnerability from nvd
Published
2024-04-26 15:00
Modified
2024-08-02 00:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.1.3.2578 build 20231110 Version: 4.5.x < 4.5.4.2627 build 20231225 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qnap:qts:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:o:qnap:qts:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:qnap:quts_hero:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quts_hero",
"vendor": "qnap",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:qnap:quts_hero:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quts_hero",
"vendor": "qnap",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qutscloud",
"vendor": "qnap",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T12:02:41.587380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:16.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.3.2578 build 20231110",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2627 build 20231225",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.3.2578 build 20231110",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2626 build 20231225",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI-CAN-22378: Team Viettel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T15:00:55.893Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"source": {
"advisory": "QSA-24-09",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2024-27124",
"datePublished": "2024-04-26T15:00:55.893Z",
"dateReserved": "2024-02-20T09:36:58.211Z",
"dateUpdated": "2024-08-02T00:27:59.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21905 (GCVE-0-2024-21905)
Vulnerability from nvd
Published
2024-04-26 15:01
Modified
2024-08-12 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.1.3.2578 build 20231110 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qnap:qts:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"lessThan": "5.1.3.2578 build 20231110",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T14:20:50.434461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:31:28.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-24-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.3.2578 build 20231110",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.3.2578 build 20231110",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-92",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-92"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T15:01:00.169Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-16"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"source": {
"advisory": "QSA-24-16",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2024-21905",
"datePublished": "2024-04-26T15:01:00.169Z",
"dateReserved": "2024-01-03T02:31:17.844Z",
"dateUpdated": "2024-08-12T19:31:28.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51365 (GCVE-0-2023-51365)
Vulnerability from nvd
Published
2024-04-26 15:01
Modified
2024-08-02 22:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.1.4.2596 build 20231128 Version: 4.5.x < 4.5.4.2627 build 20231225 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qnap:qts:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"lessThan": "4.5.4.2627 build 20231225 ",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qnap:quts_hero:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quts_hero",
"vendor": "qnap",
"versions": [
{
"lessThan": "h4.5.4.2626 build 20231225 ",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:qnap:qts:5.1.x:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"lessThan": "5.1.4.2596 build 20231128",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:qnap:quts_hero:h5.1.x:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quts_hero",
"vendor": "qnap",
"versions": [
{
"lessThan": "h5.1.3.2578 build 20231110 ",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T17:33:26.382851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:25.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-24-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.4.2596 build 20231128",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2627 build 20231225",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.3.2578 build 20231110",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2626 build 20231225",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "unaffected",
"version": "c5.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "chumen77 "
},
{
"lang": "en",
"type": "finder",
"value": "ZDI-CAN-22407 - Team Thales\u200b"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.4.2596 build 20231128 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T15:01:04.335Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.4.2596 build 20231128 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"source": {
"advisory": "QSA-24-14",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-51365",
"datePublished": "2024-04-26T15:01:04.335Z",
"dateReserved": "2023-12-18T14:21:13.239Z",
"dateUpdated": "2024-08-02T22:32:09.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51364 (GCVE-0-2023-51364)
Vulnerability from nvd
Published
2024-04-26 15:01
Modified
2024-08-02 22:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.1.4.2596 build 20231128 Version: 4.5.x < 4.5.4.2627 build 20231225 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T15:42:40.424471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:35.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-24-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.4.2596 build 20231128",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2627 build 20231225",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.3.2578 build 20231110",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2626 build 20231225",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "chumen77 "
},
{
"lang": "en",
"type": "finder",
"value": "ZDI-CAN-22410 - Team STARLabs\u200b"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.4.2596 build 20231128 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T15:01:08.345Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.4.2596 build 20231128 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
}
],
"source": {
"advisory": "QSA-24-14",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-51364",
"datePublished": "2024-04-26T15:01:08.345Z",
"dateReserved": "2023-12-18T14:21:13.239Z",
"dateUpdated": "2024-08-02T22:32:09.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34980 (GCVE-0-2023-34980)
Vulnerability from nvd
Published
2024-03-08 16:16
Modified
2024-09-06 17:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h4.5.4.2626 build 20231225 and later
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 4.5.x < 4.5.4.2627 build 20231225 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-24-12"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts",
"vendor": "qnap",
"versions": [
{
"lessThan": "4.5.4.2627_build 20231225",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quts_hero",
"vendor": "qnap",
"versions": [
{
"lessThan": "h4.5.4.2626_build 20231225",
"status": "affected",
"version": "h4.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:15:12.889402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:42:06.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.5.4.2627 build 20231225",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h4.5.4.2626 build 20231225",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tyaoo\u30010x14"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T16:16:00.564Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-12"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\n"
}
],
"source": {
"advisory": "QSA-24-12",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-34980",
"datePublished": "2024-03-08T16:16:00.564Z",
"dateReserved": "2023-06-08T08:26:04.295Z",
"dateUpdated": "2024-09-06T17:42:06.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32969 (GCVE-0-2023-32969)
Vulnerability from nvd
Published
2024-03-08 16:17
Modified
2024-08-02 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QuTScloud |
Version: c5.x.x < c5.1.5.2651 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T17:21:27.707772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:10.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-24-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.4.2596 build 20231128",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.4.2596 build 20231128",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect Network \u0026amp; Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003eQTS 5.1.4.2596 build 20231128 and later\u003cbr\u003eQuTS hero h5.1.4.2596 build 20231128 and later\u003cbr\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect Network \u0026 Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuTScloud c5.1.5.2651 and later\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T16:17:19.645Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-11"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003eQTS 5.1.4.2596 build 20231128 and later\u003cbr\u003eQuTS hero h5.1.4.2596 build 20231128 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQuTScloud c5.1.5.2651 and later\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"source": {
"advisory": "QSA-24-11",
"discovery": "EXTERNAL"
},
"title": "Network \u0026 Virtual Switch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-32969",
"datePublished": "2024-03-08T16:17:19.645Z",
"dateReserved": "2023-05-16T10:44:49.055Z",
"dateUpdated": "2024-08-02T15:32:46.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50358 (GCVE-0-2023-50358)
Vulnerability from nvd
Published
2024-02-13 02:45
Modified
2025-05-09 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.x < 5.1.5.2645 build 20240116 Version: 4.5.x, 4.4.x < 4.5.4.2627 build 20231225 Version: 4.3.6, 4.3.5 < 4.3.6.2665 build 20240131 Version: 4.3.4 < 4.3.4.2675 build 20240131 Version: 4.3.x < 4.3.3.2644 build 20240131 Version: 4.2.x < 4.2.6 build 20240131 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57"
},
{
"tags": [
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:07:56.548850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T18:16:31.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.2645 build 20240116",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2627 build 20231225",
"status": "affected",
"version": "4.5.x, 4.4.x",
"versionType": "custom"
},
{
"lessThan": "4.3.6.2665 build 20240131",
"status": "affected",
"version": "4.3.6, 4.3.5",
"versionType": "custom"
},
{
"lessThan": "4.3.4.2675 build 20240131",
"status": "affected",
"version": "4.3.4",
"versionType": "custom"
},
{
"lessThan": "4.3.3.2644 build 20240131",
"status": "affected",
"version": "4.3.x",
"versionType": "custom"
},
{
"lessThan": "4.2.6 build 20240131",
"status": "affected",
"version": "4.2.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.5.2647 build 20240118",
"status": "affected",
"version": "h5.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2626 build 20231225",
"status": "affected",
"version": "h4.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "affected",
"version": "c5.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks Unit 42"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.5.2645 build 20240116 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQTS 4.3.6.2665 build 20240131 and later\u003cbr\u003eQTS 4.3.4.2675 build 20240131 and later\u003cbr\u003eQTS 4.3.3.2644 build 20240131 and later\u003cbr\u003eQTS 4.2.6 build 20240131 and later\u003cbr\u003eQuTS hero h5.1.5.2647 build 20240118 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQTS 4.5.4.2627 build 20231225 and later\nQTS 4.3.6.2665 build 20240131 and later\nQTS 4.3.4.2675 build 20240131 and later\nQTS 4.3.3.2644 build 20240131 and later\nQTS 4.2.6 build 20240131 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T05:21:43.811Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57"
},
{
"url": "https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/"
},
{
"url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.5.2645 build 20240116 and later\u003cbr\u003eQTS 4.5.4.2627 build 20231225 and later\u003cbr\u003eQTS 4.3.6.2665 build 20240131 and later\u003cbr\u003eQTS 4.3.4.2675 build 20240131 and later\u003cbr\u003eQTS 4.3.3.2644 build 20240131 and later\u003cbr\u003eQTS 4.2.6 build 20240131 and later\u003cbr\u003eQuTS hero h5.1.5.2647 build 20240118 and later\u003cbr\u003eQuTS hero h4.5.4.2626 build 20231225 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQTS 4.5.4.2627 build 20231225 and later\nQTS 4.3.6.2665 build 20240131 and later\nQTS 4.3.4.2675 build 20240131 and later\nQTS 4.3.3.2644 build 20240131 and later\nQTS 4.2.6 build 20240131 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later"
}
],
"source": {
"advisory": "QSA-23-57",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-50358",
"datePublished": "2024-02-13T02:45:22.351Z",
"dateReserved": "2023-12-07T08:52:25.583Z",
"dateUpdated": "2025-05-09T18:16:31.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47218 (GCVE-0-2023-47218)
Vulnerability from nvd
Published
2024-02-13 02:44
Modified
2025-05-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.1.5.2645 build 20240116 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47218",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T16:50:57.106168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T21:13:18.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.5.2645 build 20240116",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.5.2647 build 20240118",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "h4.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.5.2651",
"status": "affected",
"version": "c5.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Stephen Fewer, Principal Security Researcher at Rapid7"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.5.2645 build 20240116 and later\u003cbr\u003eQuTS hero h5.1.5.2647 build 20240118 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T05:22:35.083Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57"
},
{
"url": "https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.5.2645 build 20240116 and later\u003cbr\u003eQuTS hero h5.1.5.2647 build 20240118 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later"
}
],
"source": {
"advisory": "QSA-23-57",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-47218",
"datePublished": "2024-02-13T02:44:14.677Z",
"dateReserved": "2023-11-03T09:47:36.053Z",
"dateUpdated": "2025-05-07T21:13:18.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2509 (GCVE-0-2020-2509)
Vulnerability from nvd
Published
2021-04-17 03:50
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: unspecified < 4.5.2.1566 Build 20210202 Version: unspecified < 4.5.1.1495 Build 20201123 Version: unspecified < 4.3.6.1620 Build 20210322 Version: unspecified < 4.3.4.1632 Build 20210324 Version: unspecified < 4.3.3.1624 Build 20210416 Version: unspecified < 4.2.6 Build 20210327 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-2509",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T20:45:39.459476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-11",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2509"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:49.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2509"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-11T00:00:00+00:00",
"value": "CVE-2020-2509 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.5.2.1566 Build 20210202",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.5.1.1495 Build 20201123",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.6.1620 Build 20210322",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.4.1632 Build 20210324",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.3.1624 Build 20210416",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.2.6 Build 20210327",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h4.5.1.1491 build 20201119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Omri Mallis, Yaniv Puyeski"
}
],
"datePublic": "2021-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:48:29.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-05"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP has already fixed this vulnerability in the following versions:\nQTS 4.5.2.1566 Build 20210202 and later\nQTS 4.5.1.1495 Build 20201123 and later\nQTS 4.3.6.1620 Build 20210322 and later\nQTS 4.3.4.1632 Build 20210324 and later\nQTS 4.3.3.1624 Build 20210416 and later\nQTS 4.2.6 Build 20210327 and later\nQuTS hero h4.5.1.1491 build 20201119 and later"
}
],
"source": {
"advisory": "QSA-21-05",
"discovery": "EXTERNAL"
},
"title": "Command Injection Vulnerability in QTS and QuTS hero",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-04-16T05:49:00.000Z",
"ID": "CVE-2020-2509",
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability in QTS and QuTS hero"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.5.2.1566 Build 20210202"
},
{
"version_affected": "\u003c",
"version_value": "4.5.1.1495 Build 20201123"
},
{
"version_affected": "\u003c",
"version_value": "4.3.6.1620 Build 20210322"
},
{
"version_affected": "\u003c",
"version_value": "4.3.4.1632 Build 20210324"
},
{
"version_affected": "\u003c",
"version_value": "4.3.3.1624 Build 20210416"
},
{
"version_affected": "\u003c",
"version_value": "4.2.6 Build 20210327"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "h4.5.1.1491 build 20201119"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Omri Mallis, Yaniv Puyeski"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-05",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-05"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP has already fixed this vulnerability in the following versions:\nQTS 4.5.2.1566 Build 20210202 and later\nQTS 4.5.1.1495 Build 20201123 and later\nQTS 4.3.6.1620 Build 20210322 and later\nQTS 4.3.4.1632 Build 20210324 and later\nQTS 4.3.3.1624 Build 20210416 and later\nQTS 4.2.6 Build 20210327 and later\nQuTS hero h4.5.1.1491 build 20201119 and later"
}
],
"source": {
"advisory": "QSA-21-05",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2020-2509",
"datePublished": "2021-04-17T03:50:12.655Z",
"dateReserved": "2019-12-09T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:49.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2509 (GCVE-0-2020-2509)
Vulnerability from cvelistv5
Published
2021-04-17 03:50
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: unspecified < 4.5.2.1566 Build 20210202 Version: unspecified < 4.5.1.1495 Build 20201123 Version: unspecified < 4.3.6.1620 Build 20210322 Version: unspecified < 4.3.4.1632 Build 20210324 Version: unspecified < 4.3.3.1624 Build 20210416 Version: unspecified < 4.2.6 Build 20210327 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-2509",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T20:45:39.459476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-11",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2509"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:49.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2509"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-11T00:00:00+00:00",
"value": "CVE-2020-2509 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.5.2.1566 Build 20210202",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.5.1.1495 Build 20201123",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.6.1620 Build 20210322",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.4.1632 Build 20210324",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.3.1624 Build 20210416",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.2.6 Build 20210327",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h4.5.1.1491 build 20201119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Omri Mallis, Yaniv Puyeski"
}
],
"datePublic": "2021-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:48:29.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-05"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP has already fixed this vulnerability in the following versions:\nQTS 4.5.2.1566 Build 20210202 and later\nQTS 4.5.1.1495 Build 20201123 and later\nQTS 4.3.6.1620 Build 20210322 and later\nQTS 4.3.4.1632 Build 20210324 and later\nQTS 4.3.3.1624 Build 20210416 and later\nQTS 4.2.6 Build 20210327 and later\nQuTS hero h4.5.1.1491 build 20201119 and later"
}
],
"source": {
"advisory": "QSA-21-05",
"discovery": "EXTERNAL"
},
"title": "Command Injection Vulnerability in QTS and QuTS hero",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-04-16T05:49:00.000Z",
"ID": "CVE-2020-2509",
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability in QTS and QuTS hero"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.5.2.1566 Build 20210202"
},
{
"version_affected": "\u003c",
"version_value": "4.5.1.1495 Build 20201123"
},
{
"version_affected": "\u003c",
"version_value": "4.3.6.1620 Build 20210322"
},
{
"version_affected": "\u003c",
"version_value": "4.3.4.1632 Build 20210324"
},
{
"version_affected": "\u003c",
"version_value": "4.3.3.1624 Build 20210416"
},
{
"version_affected": "\u003c",
"version_value": "4.2.6 Build 20210327"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "h4.5.1.1491 build 20201119"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Omri Mallis, Yaniv Puyeski"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-05",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-05"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP has already fixed this vulnerability in the following versions:\nQTS 4.5.2.1566 Build 20210202 and later\nQTS 4.5.1.1495 Build 20201123 and later\nQTS 4.3.6.1620 Build 20210322 and later\nQTS 4.3.4.1632 Build 20210324 and later\nQTS 4.3.3.1624 Build 20210416 and later\nQTS 4.2.6 Build 20210327 and later\nQuTS hero h4.5.1.1491 build 20201119 and later"
}
],
"source": {
"advisory": "QSA-21-05",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2020-2509",
"datePublished": "2021-04-17T03:50:12.655Z",
"dateReserved": "2019-12-09T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:49.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}