Описание
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.7.3297:build_20251024:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.7.3297:build_20251024:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00116
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-121
CWE-787
Связанные уязвимости
CVSS3: 6.5
github
около 1 месяца назад
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
EPSS
Процентиль: 31%
0.00116
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-121
CWE-787