Home
LOW: 2.0 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:UDefault status
unaffected
5.1.x (custom) before 5.1.9.2954 build 20241120
affected
5.2.x (custom) before 5.2.3.3006 build 20250108
affected
Default status
unaffected
h5.1.x (custom) before h5.1.9.2954 build 20241120
affected
h5.2.x (custom) before h5.2.3.3006 build 20250108
affected
Description
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later
Problem types
Product status
5.1.x (custom) before 5.1.9.2954 build 20241120
5.2.x (custom) before 5.2.3.3006 build 20250108
h5.1.x (custom) before h5.1.9.2954 build 20241120
h5.2.x (custom) before h5.2.3.3006 build 20250108
References
www.qnap.com/en/security-advisory/qsa-24-54