An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later
References
Link | Resource |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-28 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Sep 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.4 |
References | () https://www.qnap.com/en/security-advisory/qsa-24-28 - Vendor Advisory | |
First Time |
Qnap quts Hero
Qnap qts Qnap |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-06 17:15
Updated : 2024-09-20 16:38
NVD link : CVE-2024-32771
Mitre link : CVE-2024-32771
CVE.ORG link : CVE-2024-32771
JSON object : View
Products Affected
qnap
- qts
- quts_hero
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts