CVE-2024-53691

HIGH

QNAP QTS and QuTS hero - Link Following via File System Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-53691. PoCs published by C411e.

AI-analyzed exploit summary This repository contains a working exploit for CVE-2024-53691, a link following vulnerability in QNAP QTS and QuTS hero. The exploit leverages symlink traversal via ZIP upload and file encryption/decryption to achieve arbitrary file write, leading to remote code execution as root.

Description

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later

Exploits (1)

nomisec WORKING POC 14 stars

by C411e · poc

https://github.com/C411e/CVE-2024-53691

View Code ZIP pw:eip

This repository contains a working exploit for CVE-2024-53691, a link following vulnerability in QNAP QTS and QuTS hero. The exploit leverages symlink traversal via ZIP upload and file encryption/decryption to achieve arbitrary file write, leading to remote code execution as root.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: QNAP QTS 5.1.x, QuTS hero h5.1.x

Auth required

Prerequisites: Valid user credentials with file upload permissions · Network access to the target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1204 - User Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://www.qnap.com/en/security-advisory/qsa-24-28

Scores

CVSS v3 8.8

EPSS 0.2011

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (33)

qnap/qts 5.1.0.2348 build_20230325

qnap/qts 5.1.0.2399 build_20230515

qnap/qts 5.1.0.2418 build_20230603

qnap/qts 5.1.0.2444 build_20230629

qnap/qts 5.1.0.2466 build_20230721

qnap/qts 5.1.1.2491 build_20230815

qnap/qts 5.1.2.2533 build_20230926

qnap/qts 5.1.3.2578 build_20231110

qnap/qts 5.1.4.2596 build_20231128

qnap/qts 5.1.5.2645 build_20240116

... and 23 more

Published Dec 06, 2024

Tracked Since Feb 18, 2026