8.8

CVE-2024-50396

QTS, QuTS hero

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory.

We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QnapQts Version5.2.0.2737 Updatebuild_20240417
QnapQts Version5.2.0.2744 Updatebuild_20240424
QnapQts Version5.2.0.2782 Updatebuild_20240601
QnapQts Version5.2.0.2802 Updatebuild_20240620
QnapQts Version5.2.0.2823 Updatebuild_20240711
QnapQts Version5.2.0.2851 Updatebuild_20240808
QnapQts Version5.2.0.2860 Updatebuild_20240817
QnapQuts Hero Versionh5.2.0.2737 Updatebuild_20240417
QnapQuts Hero Versionh5.2.0.2782 Updatebuild_20240601
QnapQuts Hero Versionh5.2.0.2789 Updatebuild_20240607
QnapQuts Hero Versionh5.2.0.2802 Updatebuild_20240620
QnapQuts Hero Versionh5.2.0.2823 Updatebuild_20240711
QnapQuts Hero Versionh5.2.0.2851 Updatebuild_20240808
QnapQuts Hero Versionh5.2.0.2860 Updatebuild_20240817
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.58% 0.817
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security@qnapsecurity.com.tw 7.7 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.