QNAP Quts Hero
By the Year
In 2026 there have been 7 vulnerabilities in QNAP Quts Hero. Last year, in 2025, Quts Hero had 24 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Quts Hero in 2026 could surpass last year's number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 0.00 |
| 2025 | 24 | 0.00 |
| 2024 | 60 | 7.25 |
| 2023 | 20 | 6.71 |
| 2022 | 6 | 6.75 |
| 2021 | 10 | 7.66 |
| 2020 | 5 | 6.84 |
It may take a day or so for new Quts Hero vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent QNAP Quts Hero Security Vulnerabilities
Command Injection in QTS / QuTS OS before 5.1.9.2954 (fixed in 5.2.3.3006)
CVE-2024-14026
- March 11, 2026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker who has gained local network access has also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later
Shell injection
QNAP QTS <=5.2.8.3332 NULL PTR DoS Vulnerability
CVE-2025-47205
- February 11, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
NULL Pointer Dereference
QNAP OS pre-5.3.2.3354 buffer overflow remote AS user
CVE-2025-48725
- February 11, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later
Classic Buffer Overflow
QTS 5.2.8.3332 Build DoS via Uninitialized Variable
CVE-2025-58466
- February 11, 2026
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to cause denial-of-service conditions or modify control flow in unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
Use of Uninitialized Variable
QNAP OS NULL Pointer Deref DoS via Admin Remote (pre-5.3.2.3354)
CVE-2025-59386
- February 11, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later
NULL Pointer Dereference
QNAP QuTS hero OS <=5.3.2.3354 NULL Pointer DoS
CVE-2025-66274
- February 11, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later
NULL Pointer Dereference
QNAP QTS/QuTS Hero: Link Following Path Traversal (pre-5.2.8/5.3.2)
CVE-2025-66277
- February 11, 2026
A link following vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later
insecure temporary file
QNAP QTS Format String Vulnerability v5.2.6.3195 Remote Exploit
CVE-2025-53407
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
Format String in QTS/QuTS hero 5.2.6.3195 Allows Remote Data Leak
CVE-2025-53406
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero 5.2.6.3195 NPD Remote Admin DoS
CVE-2025-52866
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL ptr DoS before 5.2.6.3195
CVE-2025-52862
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL Ptr Deref DoS before 5.2.6.3195
CVE-2025-52860
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS 5.2.6.3195: NULL ptr DoS Remote Attacker
CVE-2025-52859
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
NULL Pointer Deref in QNAP QTS & QuTS hero 5.2.6.3195 Before build 20250715 DoS
CVE-2025-52858
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL ptr deref DoS pre 5.2.6.3195
CVE-2025-52857
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS Hero Remote Admin Null Ptr Deref DoS - fixed 5.2.6.3195
CVE-2025-52855
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS QNAP OS NPE DoS (5.2.6.3195) Remote Admin
CVE-2025-52854
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP OS QTS/QuTS hero DoS via NULL ptr in pre-5.2.6.3195
CVE-2025-52853
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
NULL PTR DoS in QNAP QTS 5.2.6.3195 & QuTS Hero 5.2.6.3195
CVE-2025-52433
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
CVE-2025-52432: Null Pointer Deref in QNAP QTS/QuTS hero OS DoS (fixed 5.2.6.3195+/5.3.0.3192+)
CVE-2025-52432
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later QuTS hero h5.3.0.3192 build 20250716 and later
NULL Pointer Dereference
Format String Vulnerability in QTS 5.2.6.3195+ (CVE-2025-52429)
CVE-2025-52429
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero 5.2.x NULL Pointer DoS Vulnerability
CVE-2025-52427
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS 5.2.6.3195 NULL ptr DoS after admin takeover
CVE-2025-52424
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
External Format String issue in QNAP QTS/QuTS <5.2.6.3195 (pre-5.2.6.3195)
CVE-2025-48730
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero NULL PTR DoS prior 5.2.6.3195
CVE-2025-48729
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS Null Ptr DoS before 5.2.6.3195
CVE-2025-48728
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP OS NULL Pointer DoS (QTS 5.2.6.3195+, QuTS hero h5.2.6.3195+)
CVE-2025-48727
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS <5.2.6.3195: NULL ptr deref DoS via admin
CVE-2025-48726
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS NULL Pointer DoS (remote admin) before 5.2.6.3195
CVE-2025-47213
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
Command Injection Remote Exec in QNAP QTS/QuTS hero <5.2.6.3195
CVE-2025-47212
- October 03, 2025
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Shell injection
Path Traversal in QTS 5.2.6.3195 (QNAP) admin reads arbitrary files
CVE-2025-47211
- October 03, 2025
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Directory traversal
QTS Local Auth Bypass CVE-2023-39298 Vulnerability in Versions <5.2.0.2737
CVE-2023-39298
7.8 - High
- September 06, 2024
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later QuTS hero h5.2.0.2782 build 20240601 and later
AuthZ
QNAP QTS & QuTS hero Path Traversal (CVE-2024-21904) v<5.1.7.2770 Vulnerable
CVE-2024-21904
6.5 - Medium
- September 06, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Directory traversal
OS Command Injection in QNAP QTS/QuTS hero (auth admin) <5.1.6.2722
CVE-2024-21903
4.7 - Medium
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Shell injection
QNAP QTS/QuTS Hero OS Command Injection Before 5.1.6.2722
CVE-2024-21898
8.8 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Shell injection
QNAP QTS/QuTS hero XSS via network, fixed QTS 5.1.6.2722+, QuTS hero h5.1.6.2734+
CVE-2024-21897
5.4 - Medium
- September 06, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
XSS
QNAP QTS/QuTS hero DoS via NULL ptr in OS before 5.1.6.2722
CVE-2023-51368
6.5 - Medium
- September 06, 2024
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero RCE via unchecked buffer copy before 5.1.6.2722
CVE-2023-51367
8.8 - High
- September 06, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Classic Buffer Overflow
QNAP QTS/QuTS Hero Path Traversal before 5.1.6.2722/5.1.6.2734
CVE-2023-51366
6.5 - Medium
- September 06, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Directory traversal
XSS in QNAP QTS & QuTS hero 5.1.x (pre-5.1.6) web interface
CVE-2023-50366
4.8 - Medium
- September 06, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
XSS
OS Command Injection in QNAP QTS <5.1.8.2823 (before build 20240712)
CVE-2024-21906
4.7 - Medium
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
Shell injection
QTS & QuTS Hero OS Command Injection (CVE-2023-34979) Unpatched <4.5.4.2790
CVE-2023-34979
7.2 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2790 build 20240606 and later
Shell injection
OS Command Injection in QNAP QTS/QuTS Hero <5.1.8.2823
CVE-2024-38641
7.8 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
Shell injection
OS Command Injection in QNAP QTS <4.5.4.2790, QuTS hero <h4.5.4.2626
CVE-2023-34974
8.8 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later
Shell injection
QNAP QTS/QuTS hero Auth Attempts Bypass (CVE-2024-32771)
CVE-2024-32771
2.4 - Low
- September 06, 2024
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later
Improper Restriction of Excessive Authentication Attempts
RCE via Buffer Copy in QNAP QTS 5.1.8 (fixed 5.1.8.2823)
CVE-2024-32763
8.8 - High
- September 06, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
Classic Buffer Overflow
Buffer Overflow in QTS & QuTS Hero 5.1.7.2770+ (NAS OS)
CVE-2024-27129
8.8 - High
- May 21, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Classic Buffer Overflow
QTS <=5.1.7.2770 Authenticated Permission Bypass (Read/Modify)
CVE-2024-21902
8.1 - High
- May 21, 2024
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Information Disclosure
Buffer Copy Size Error in QNAP QTS/QuTS Hero 5.1.7.2770 (Pre-5.1.7.2770)
CVE-2024-27130
8.8 - High
- May 21, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Classic Buffer Overflow
QNAP QTS 5.1.x Authenticated Buffer Copy Crash (CVE-2024-27128)
CVE-2024-27128
8.8 - High
- May 21, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Classic Buffer Overflow