QNAP NAS Multiple Vulnerabilities
Release Date: 25 Nov 2024
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and data manipulation on the targeted system.
Impact
- Remote Code Execution
- Denial of Service
- Information Disclosure
- Data Manipulation
System / Technologies affected
- QTS 5.1.x
- QuTS hero h5.1.x
- QTS 5.2.x
- QuTS hero h5.2.x
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.qnap.com/en/security-advisory/qsa-24-37
- https://www.qnap.com/en/security-advisory/qsa-24-43
Vulnerability Identifier
- CVE-2020-14145
- CVE-2021-41617
- CVE-2023-38408
- CVE-2024-37041
- CVE-2024-37042
- CVE-2024-37043
- CVE-2024-37044
- CVE-2024-37045
- CVE-2024-37046
- CVE-2024-37047
- CVE-2024-37048
- CVE-2024-37049
- CVE-2024-37050
- CVE-2024-50396
- CVE-2024-50397
- CVE-2024-50398
- CVE-2024-50399
- CVE-2024-50400
- CVE-2024-50401
沒有留言:
發佈留言