CVE-2024-27127

HIGH

QNAP OS - Use After Free

Title source: llm

Description

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-24-23

Scores

CVSS v3 7.2

EPSS 0.0037

EPSS Percentile 58.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Classification

CWE

CWE-415

Status published

Affected Products (23)

qnap/qts

qnap/quts_hero

... and 8 more

Timeline

Published May 21, 2024

Tracked Since Feb 18, 2026