Bingwei Peng

**Nome do software vulnerável e versões afetadas** Versões do QNAP QTS anteriores à 5.2.1.2930 build 20241025 Versões do QNAP QuTS hero anteriores à h5.2.1.2929 build 20241025 **Descrição** Foi relatada uma falha de cópia de buffer sem verificação do tamanho da entrada, que pode permitir que invasores remotos com acesso de administrador executem código. **Recomendações** Para versões do QNAP QTS anteriores à 5.2.1.2930 build 20241025, atualize para o QTS 5.2.1.2930 build 20241025 ou posterior. Para versões do QNAP QuTS hero anteriores à h5.2.1.2929 build 20241025, atualize para o QuTS hero h5.2.1.2929 build 20241025 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do QTS anteriores à 5.1.3.2578 build 20231110 Versões do QuTS hero anteriores à h5.1.3.2578 build 20231110 Versões do QuTScloud anteriores à c5.1.5.2651 **Descrição** O problema está relacionado a uma cópia de buffer sem verificação do tamanho dos dados de entrada, o que poderia permitir que um invasor remoto executasse código arbitrário. Se explorada, a vulnerabilidade poderia permitir que administradores autenticados executassem código através de uma rede. **Recomendações** Para versões do QTS anteriores à 5.1.3.2578 build 20231110, atualize para a versão 5.1.3.2578 build 20231110 ou posterior. Para versões do QuTS hero anteriores à h5.1.3.2578 build 20231110, atualize para a versão h5.1.3.2578 build 20231110 ou posterior. Para versões do QuTScloud anteriores à c5.1.5.2651, atualize para a versão c5.1.5.2651 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do QTS anteriores à 5.1.4.2596 build 20231128 Versões do QuTS hero anteriores à h5.1.4.2596 build 20231128 Versões do QuTScloud anteriores à c5.1.5.2651 **Descrição** Foi relatada uma vulnerabilidade de cópia de buffer sem verificação do tamanho da entrada que afeta várias versões do sistema operacional QNAP. Se explorada, a vulnerabilidade poderia permitir que administradores autenticados executassem código através de uma rede. **Recomendações** Para versões do QTS anteriores à 5.1.4.2596 build 20231128, atualize para o QTS 5.1.4.2596 build 20231128 ou posterior. Para versões do QuTS hero anteriores à h5.1.4.2596 build 20231128, atualize para o QuTS hero h5.1.4.2596 build 20231128 ou posterior. Para versões do QuTScloud anteriores à c5.1.5.2651, atualize para o QuTScloud c5.1.5.2651 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do QTS anteriores à 5.1.3.2578 build 20231110 Versões do QuTS hero anteriores à h5.1.3.2578 build 20231110 Versões do QuTScloud anteriores à c5.1.5.2651 **Descrição** Foi relatada uma vulnerabilidade de cópia de buffer sem verificação do tamanho da entrada que afeta várias versões do sistema operacional QNAP. Se explorada, a vulnerabilidade poderia permitir que administradores autenticados executassem código através de uma rede. Este problema está relacionado à falta de validação do tamanho da entrada durante uma operação de cópia de buffer, o que poderia ser explorado por um invasor remoto para executar código arbitrário. **Recomendações** Para versões do QTS anteriores à 5.1.3.2578 build 20231110, atualize para o QTS 5.1.3.2578 build 20231110 ou posterior. Para versões do QuTS hero anteriores à h5.1.3.2578 build 20231110, atualize para o QuTS hero h5.1.3.2578 build 20231110 ou posterior. Para versões do QuTScloud anteriores à c5.1.5.2651, atualize para o QuTScloud c5.1.5.2651 ou posterior.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2514 build 20230906 QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.2.2534 build 20230927 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. The issue is related to a buffer overflow in memory, which could enable a remote attacker to execute arbitrary code. **Recommendations** For QTS versions prior to 5.0.1.2514 build 20230906, update to QTS 5.0.1.2514 build 20230906 or later. For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero h versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2514 build 20230906 QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.2.2534 build 20230927 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. The issue is related to a buffer overflow in memory, which could enable a remote attacker to execute arbitrary code. **Recommendations** For QTS versions prior to 5.0.1.2514 build 20230906, update to QTS 5.0.1.2514 build 20230906 or later. For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero h versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.0.2424 build 20230609 QuTS hero h versions prior to h4.5.4.2476 build 20230728 QuTScloud c versions prior to c5.1.0.2498 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network. The vulnerability is related to a buffer overflow in memory, where an attacker could exploit it to execute arbitrary code remotely. **Recommendations** For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero h versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h versions prior to h5.1.0.2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero h versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud c versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later.

**Name of the Vulnerable Software and Affected Versions** QuTS hero versions prior to h5.0.1.2515 build 20230907 QuTS hero versions prior to h5.1.0.2453 build 20230708 QuTS hero versions prior to h4.5.4.2476 build 20230728 QuTScloud versions prior to c5.1.0.2498 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 **Description** A NULL pointer dereference issue has been reported, which could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. **Recommendations** For QuTS hero versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero versions prior to h5.1.0.2453 build 20230708, update to QuTS hero h5.1.0.2453 build 20230708 or later. For QuTS hero versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero versions prior to h5.0.1.2515 build 20230907 QuTS hero versions prior to h5.1.0.2424 build 20230609 QuTS hero versions prior to h4.5.4.2476 build 20230728 QuTScloud versions prior to c5.1.0.2498 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. This issue is related to a buffer overflow, where data is written beyond the boundaries of a buffer in memory, potentially allowing an attacker to execute arbitrary code. **Recommendations** For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero versions prior to h5.1.0.2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero versions prior to h5.0.1.2515 build 20230907 QuTS hero versions prior to h5.1.0.2424 build 20230609 QuTS hero versions prior to h4.5.4.2476 build 20230728 QuTScloud versions prior to c5.1.0.2498 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero versions prior to h5.1.0.2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.5.2645 build 20240116 QuTS hero versions prior to h5.1.5.2647 build 20240118 QuTScloud versions prior to c5.1.5.2651 **Description** A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. The issue is related to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For QTS versions prior to 5.1.5.2645 build 20240116, update to QTS 5.1.5.2645 build 20240116 or later. For QuTS hero versions prior to h5.1.5.2647 build 20240118, update to QuTS hero h5.1.5.2647 build 20240118 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network if exploited. This issue is related to a buffer overflow in memory, potentially enabling a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, potentially allowing authenticated administrators to execute code via a network. This could be exploited by a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network if exploited. This issue is related to a buffer overflow in memory, potentially enabling a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, potentially allowing authenticated administrators to execute code via a network. This could be exploited by a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network if exploited. This issue is related to a buffer overflow in memory, where exploitation may enable a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 **Description** The issue is related to a buffer copy without checking the size of the input, which can lead to a buffer overflow in memory. This could allow a remote attacker to execute arbitrary code. The vulnerability can be exploited by authenticated administrators via a network. **Recommendations** For QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to version h5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.5.2645 build 20240116 QNAP QuTS hero versions prior to h5.1.5.2647 build 20240118 QNAP QuTScloud versions prior to c5.1.5.2651 **Description** A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. The issue is related to incorrect restriction of the path name to a directory with limited access, which may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For QNAP QTS versions prior to 5.1.5.2645 build 20240116, update to QTS 5.1.5.2645 build 20240116 or later. For QNAP QuTS hero versions prior to h5.1.5.2647 build 20240118, update to QuTS hero h5.1.5.2647 build 20240118 or later. For QNAP QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero versions prior to h5.1.2.2534 build 20230927 QuTScloud versions prior to c5.1.5.2651 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTScloud versions prior to c5.1.5.2651 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.1.4.2596 build 20231128, update to QTS 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to QuTS hero h5.1.4.2596 build 20231128 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.