Description
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
References (1)
Core 1
Core References
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-24-23
Scores
CVSS v3
6.4
EPSS
0.0048
EPSS Percentile
65.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-732
Status
published
Products (23)
qnap/qts
5.1.0.2348 build_20230325
qnap/qts
5.1.0.2399 build_20230515
qnap/qts
5.1.0.2418 build_20230603
qnap/qts
5.1.0.2444 build_20230629
qnap/qts
5.1.0.2466 build_20230721
qnap/qts
5.1.1.2491 build_20230815
qnap/qts
5.1.2.2533 build_20230926
qnap/qts
5.1.3.2578 build_20231110
qnap/qts
5.1.4.2596 build_20231128
qnap/qts
5.1.5.2645 build_20240116
... and 13 more
Published
May 21, 2024
Tracked Since
Feb 18, 2026