5.5

CVE-2023-41274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later

Data is provided by the National Vulnerability Database (NVD)
QnapQts Version5.1.0.2348 Updatebuild_20230325
QnapQts Version5.1.0.2399 Updatebuild_20230515
QnapQts Version5.1.0.2418 Updatebuild_20230603
QnapQts Version5.1.0.2444 Updatebuild_20230629
QnapQts Version5.1.0.2466 Updatebuild_20230721
QnapQts Version5.1.1.2491 Updatebuild_20230815
QnapQts Version5.1.2.2533 Update-
QnapQuts Hero Versionh5.1.0.2409 Updatebuild_20230525
QnapQuts Hero Versionh5.1.0.2424 Updatebuild_20230609
QnapQuts Hero Versionh5.1.0.2453 Updatebuild_20230708
QnapQuts Hero Versionh5.1.0.2466 Updatebuild_20230721
QnapQuts Hero Versionh5.1.1.2488 Updatebuild_20230812
QnapQuts Hero Versionh5.1.2.2534 Update-
QnapQutscloud Versionc5.1.0.2498 Updatebuild_20230822
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.221
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
security@qnapsecurity.com.tw 5.5 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.