We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-21899

QTS, QuTS hero, QuTScloud



Assignerqnap
Reserved2024-01-03
Published2024-03-08
Updated2024-08-01

Description

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later



CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

5.1.x before 5.1.3.2578 build 20231110
affected

4.5.x before 4.5.4.2627 build 20231225
affected

Default status
unaffected

h5.1.x before h5.1.3.2578 build 20231110
affected

h4.5.x before h4.5.4.2626 build 20231225
affected

Default status
unaffected

c5.x.x before c5.1.5.2651
affected

Credits

ZDI-CAN-22493/22494 : DEVCORE finder

References

https://www.qnap.com/en/security-advisory/qsa-24-09

cve.org CVE-2024-21899

nvd.nist.gov CVE-2024-21899

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-21899
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.