Skip to main content

Qts CVE-2024-50399

LOW
Use of Externally-Controlled Format String (CWE-134)
2024-11-22 security@qnapsecurity.com.tw
2.1
CVSS 4.0 · Vendor: qnapsecurity

Severity by source

Vendor (qnapsecurity) PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (qnapsecurity) · only source for this CVE.

CVSS VectorVendor: qnapsecurity

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Nov 22, 2024 - 16:15 cve.org
LOW 2.1

DescriptionCVE.org

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.

We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

AnalysisAI

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-134. A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later Affected products include: Qnap Qts, Qnap Quts Hero.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Qts

View all
CVE-2017-6361 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. Rated criti

CVE-2017-6360 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information

CVE-2017-13067 CRITICAL POC
9.8 Sep 14

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.

CVE-2017-6359 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands vi

CVE-2017-5227 HIGH POC
7.5 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by

CVE-2017-7876 CRITICAL POC
10.0 Jun 15

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. R

CVE-2019-7193 CRITICAL POC
9.8 Dec 05

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. Rated criti

CVE-2023-39296 HIGH POC
7.5 Jan 05

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever

CVE-2017-17028 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 2

CVE-2017-17033 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

CVE-2017-17032 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

CVE-2017-17031 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

Share

CVE-2024-50399 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy