A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
References
Link | Resource |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-23 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
11 Sep 2024, 13:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.qnap.com/en/security-advisory/qsa-24-23 - Vendor Advisory | |
First Time |
Qnap qts
Qnap Qnap quts Hero |
|
CPE | cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-06 17:15
Updated : 2024-09-11 13:40
NVD link : CVE-2024-21904
Mitre link : CVE-2024-21904
CVE.ORG link : CVE-2024-21904
JSON object : View
Products Affected
qnap
- quts_hero
- qts
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')