CVE-2024-27130

HIGH EXPLOITED

QNAP OS - Buffer Overflow

Title source: llm

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Exploits (5)

nomisec WORKING POC 37 stars

by watchtowrlabs · remote

https://github.com/watchtowrlabs/CVE-2024-27130

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by d0rb · remote

https://github.com/d0rb/CVE-2024-27130

View Code ZIP pw:eip

nomisec WORKING POC

by dkstar11q · poc

https://github.com/dkstar11q/cve-2024-27130-poc

View Code ZIP pw:eip

vulncheck_xdb

remote

https://github.com/XiaomingX/cve-2024-27130-poc

View on vulncheck_xdb

inthewild

poc

https://github.com/xiaomingx/cve-2024-27130-poc

View on inthewild

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-24-23

Scores

CVSS v3 7.2

EPSS 0.8100

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Details

VulnCheck KEV 2024-05-27

CWE

CWE-121 CWE-120

Status published

Products (23)

qnap/qts 5.1.0.2348 build_20230325

qnap/qts 5.1.0.2399 build_20230515

qnap/qts 5.1.0.2418 build_20230603

qnap/qts 5.1.0.2444 build_20230629

qnap/qts 5.1.0.2466 build_20230721

qnap/qts 5.1.1.2491 build_20230815

qnap/qts 5.1.2.2533 build_20230926

qnap/qts 5.1.3.2578 build_20231110

qnap/qts 5.1.4.2596 build_20231128

qnap/qts 5.1.5.2645 build_20240116

... and 13 more

Published May 21, 2024

Tracked Since Feb 18, 2026