Back

CVE-2024-21905

April 26, 2024, 3:32 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

QNAP QuTScloud

  • c5.1.5.2651 and later

QNAP QTS

  • 5.1.3.2578 build 20231110 and later

QNAP QuTS hero

  • h5.1.3.2578 build 20231110 and later

Source

security@qnapsecurity.com.tw

Tags

CVE-2024-21905 details

Published : April 26, 2024, 3:15 p.m.
Last Modified : April 26, 2024, 3:32 p.m.

Description

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

CVSS Score

1 2 3 4 5 6.5 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.5

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

References

URL Source
https://www.qnap.com/en/security-advisory/qsa-24-16 security@qnapsecurity.com.tw
This website uses the NVD API, but is not approved or certified by it.