Multiple vulnerabilities in QNAP QTS and QuTS hero
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2024-50405 CVE-2024-53692 CVE-2024-53693 CVE-2024-53697 CVE-2024-53699 CVE-2024-53698 |
| CWE-ID | CWE-93 CWE-78 CWE-787 CWE-415 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
QNAP QTS Server applications / File servers (FTP/HTTP) QuTS hero Hardware solutions / Firmware |
| Vendor | QNAP Systems, Inc. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) CRLF injection
EUVDB-ID: #VU105476
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50405
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data. A remote administrator can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQNAP QTS: before 5.2.3.3006 20250108
QuTS hero: before h5.2.3.3006 build 20250108
CPE2.3 External linkshttps://www.qnap.com/en/security-advisory/qsa-24-54
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) OS Command Injection
EUVDB-ID: #VU105477
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53692
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQNAP QTS: before 5.2.3.3006 20250108
QuTS hero: before h5.2.3.3006 build 20250108
CPE2.3 External linkshttps://www.qnap.com/en/security-advisory/qsa-24-54
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) CRLF injection
EUVDB-ID: #VU105478
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53693
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data. A remote user can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQNAP QTS: before 5.2.3.3006 20250108
QuTS hero: before h5.2.3.3006 build 20250108
CPE2.3 External linkshttps://www.qnap.com/en/security-advisory/qsa-24-54
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU105479
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53697
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote administrator can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQNAP QTS: before 5.2.3.3006 20250108
QuTS hero: before h5.2.3.3006 build 20250108
CPE2.3 External linkshttps://www.qnap.com/en/security-advisory/qsa-24-54
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU105480
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53699
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote administrator can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQNAP QTS: before 5.2.3.3006 20250108
QuTS hero: before h5.2.3.3006 build 20250108
CPE2.3 External linkshttps://www.qnap.com/en/security-advisory/qsa-24-54
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Double free
EUVDB-ID: #VU105481
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53698
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote administrator can pass specially crafted data to the application, trigger double free error, modify memory and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQNAP QTS: before 5.2.3.3006 20250108
QuTS hero: before h5.2.3.3006 build 20250108
CPE2.3 External linkshttps://www.qnap.com/en/security-advisory/qsa-24-54
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
