CVE-2024-27127

HIGH

QNAP OS - Use After Free

Title source: llm

Description

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-24-23

Scores

CVSS v3 7.2

EPSS 0.0037

EPSS Percentile 58.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-415

Status published

Products (23)

qnap/qts 5.1.0.2348 build_20230325

qnap/qts 5.1.0.2399 build_20230515

qnap/qts 5.1.0.2418 build_20230603

qnap/qts 5.1.0.2444 build_20230629

qnap/qts 5.1.0.2466 build_20230721

qnap/qts 5.1.1.2491 build_20230815

qnap/qts 5.1.2.2533 build_20230926

qnap/qts 5.1.3.2578 build_20231110

qnap/qts 5.1.4.2596 build_20231128

qnap/qts 5.1.5.2645 build_20240116

... and 13 more

Published May 21, 2024

Tracked Since Feb 18, 2026