CVE-2024-53698

MEDIUM

Qnap Qts - Double Free

Title source: rule

Description

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-24-54

Scores

CVSS v3 4.9

EPSS 0.0007

EPSS Percentile 21.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-415

Status published

Affected Products (19)

qnap/qts

qnap/quts_hero

... and 4 more

Timeline

Published Mar 07, 2025

Tracked Since Feb 18, 2026