CVE-2024-37043

EPSS 0.14%
Published 22.11.2024 16:15:23
Last modified 23.09.2025 12:07:56
Source security@qnapsecurity.com.tw
Teams watchlist Login
Open Login

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.

We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Qnap ≫ Qts Version5.2.0.2737 Updatebuild_20240417

Qnap ≫ Qts Version5.2.0.2744 Updatebuild_20240424

Qnap ≫ Qts Version5.2.0.2782 Updatebuild_20240601

Qnap ≫ Qts Version5.2.0.2802 Updatebuild_20240620

Qnap ≫ Qts Version5.2.0.2823 Updatebuild_20240711

Qnap ≫ Qts Version5.2.0.2851 Updatebuild_20240808

Qnap ≫ Qts Version5.2.0.2860 Updatebuild_20240817

Qnap ≫ Quts Hero Versionh5.2.0.2737 Updatebuild_20240417

Qnap ≫ Quts Hero Versionh5.2.0.2782 Updatebuild_20240601

Qnap ≫ Quts Hero Versionh5.2.0.2789 Updatebuild_20240607

Qnap ≫ Quts Hero Versionh5.2.0.2802 Updatebuild_20240620

Qnap ≫ Quts Hero Versionh5.2.0.2823 Updatebuild_20240711

Qnap ≫ Quts Hero Versionh5.2.0.2851 Updatebuild_20240808

Qnap ≫ Quts Hero Versionh5.2.0.2860 Updatebuild_20240817

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.342

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
security@qnapsecurity.com.tw	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.qnap.com/en/security-advisory/qsa-24-43

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-37043

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37043

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37043

EUVD