Multiple vulnerabilities in QNAP QTS and QuTS hero



Risk High
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2024-48859
CVE-2024-48865
CVE-2024-48866
CVE-2024-48867
CVE-2024-48868
CVE-2024-50393
CVE-2024-50402
CVE-2024-50403
CWE-ID CWE-287
CWE-295
CWE-177
CWE-93
CWE-77
CWE-134
Exploitation vector Network
Public exploit N/A
Vulnerable software
QNAP QTS
Server applications / File servers (FTP/HTTP)

QuTS hero
Hardware solutions / Firmware

Vendor QNAP Systems, Inc.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU101340

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-48859

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Certificate Validation

EUVDB-ID: #VU101341

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-48865

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper certificate validation. A local attacker can gain access to the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Handling of URL Encoding (Hex Encoding)

EUVDB-ID: #VU101342

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-48866

CWE-ID: CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper handling of of URL encoding. A remote attacker can cause the system to go into an unexpected state.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) CRLF injection

EUVDB-ID: #VU101343

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-48867

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) CRLF injection

EUVDB-ID: #VU101345

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-48868

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Command Injection

EUVDB-ID: #VU101349

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50393

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Format string error

EUVDB-ID: #VU101350

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50402

CWE-ID: CWE-134 - Use of Externally-Controlled Format String

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to a format string error. A remote administrator can supply a specially crafted input that contains format string specifiers and obtain secret data or modify memory.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Format string error

EUVDB-ID: #VU101351

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50403

CWE-ID: CWE-134 - Use of Externally-Controlled Format String

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to a format string error. A remote administrator can supply a specially crafted input that contains format string specifiers and obtain secret data or modify memory.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QNAP QTS: before 5.1.9.2954 20241120, 5.2.2.2950 20241114, 5.1.9.2954 20241120

QuTS hero: before h5.1.9.2954 build 20241120

CPE2.3 External links

http://www.qnap.com/en/security-advisory/qsa-24-49


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###