Bingwei Peng

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.2.1.2930 build 20241025 QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025 **Description** A buffer copy without checking the size of input issue has been reported, potentially allowing remote attackers with administrator access to execute code. **Recommendations** For QNAP QTS versions prior to 5.2.1.2930 build 20241025, update to QTS 5.2.1.2930 build 20241025 or later. For QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025, update to QuTS hero h5.2.1.2929 build 20241025 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.3.2578 build 20231110 QuTS hero versions prior to h5.1.3.2578 build 20231110 QuTScloud versions prior to c5.1.5.2651 **Description** The issue is related to a buffer copy without checking the size of input data, which could allow a remote attacker to execute arbitrary code. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.1.3.2578 build 20231110, update to version 5.1.3.2578 build 20231110 or later. For QuTS hero versions prior to h5.1.3.2578 build 20231110, update to version h5.1.3.2578 build 20231110 or later. For QuTScloud versions prior to c5.1.5.2651, update to version c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTScloud versions prior to c5.1.5.2651 **Description** A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.1.4.2596 build 20231128, update to QTS 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to QuTS hero h5.1.4.2596 build 20231128 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.3.2578 build 20231110 QuTS hero versions prior to h5.1.3.2578 build 20231110 QuTScloud versions prior to c5.1.5.2651 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. This issue is related to the lack of input size validation during a buffer copy operation, which could be exploited by a remote attacker to execute arbitrary code. **Recommendations** For QTS versions prior to 5.1.3.2578 build 20231110, update to QTS 5.1.3.2578 build 20231110 or later. For QuTS hero versions prior to h5.1.3.2578 build 20231110, update to QuTS hero h5.1.3.2578 build 20231110 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2514 build 20230906 QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.2.2534 build 20230927 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. The issue is related to a buffer overflow in memory, which could enable a remote attacker to execute arbitrary code. **Recommendations** For QTS versions prior to 5.0.1.2514 build 20230906, update to QTS 5.0.1.2514 build 20230906 or later. For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero h versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2514 build 20230906 QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.2.2534 build 20230927 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. The issue is related to a buffer overflow in memory, which could enable a remote attacker to execute arbitrary code. **Recommendations** For QTS versions prior to 5.0.1.2514 build 20230906, update to QTS 5.0.1.2514 build 20230906 or later. For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero h versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.0.2424 build 20230609 QuTS hero h versions prior to h4.5.4.2476 build 20230728 QuTScloud c versions prior to c5.1.0.2498 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network. The vulnerability is related to a buffer overflow in memory, where an attacker could exploit it to execute arbitrary code remotely. **Recommendations** For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero h versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h versions prior to h5.1.0.2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero h versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud c versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later.

**Name of the Vulnerable Software and Affected Versions** QuTS hero versions prior to h5.0.1.2515 build 20230907 QuTS hero versions prior to h5.1.0.2453 build 20230708 QuTS hero versions prior to h4.5.4.2476 build 20230728 QuTScloud versions prior to c5.1.0.2498 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 **Description** A NULL pointer dereference issue has been reported, which could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. **Recommendations** For QuTS hero versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero versions prior to h5.1.0.2453 build 20230708, update to QuTS hero h5.1.0.2453 build 20230708 or later. For QuTS hero versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero versions prior to h5.0.1.2515 build 20230907 QuTS hero versions prior to h5.1.0.2424 build 20230609 QuTS hero versions prior to h4.5.4.2476 build 20230728 QuTScloud versions prior to c5.1.0.2498 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. This issue is related to a buffer overflow, where data is written beyond the boundaries of a buffer in memory, potentially allowing an attacker to execute arbitrary code. **Recommendations** For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero versions prior to h5.1.0.2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero versions prior to h5.0.1.2515 build 20230907 QuTS hero versions prior to h5.1.0.2424 build 20230609 QuTS hero versions prior to h4.5.4.2476 build 20230728 QuTScloud versions prior to c5.1.0.2498 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero versions prior to h5.1.0.2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.5.2645 build 20240116 QuTS hero versions prior to h5.1.5.2647 build 20240118 QuTScloud versions prior to c5.1.5.2651 **Description** A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. The issue is related to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For QTS versions prior to 5.1.5.2645 build 20240116, update to QTS 5.1.5.2645 build 20240116 or later. For QuTS hero versions prior to h5.1.5.2647 build 20240118, update to QuTS hero h5.1.5.2647 build 20240118 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network if exploited. This issue is related to a buffer overflow in memory, potentially enabling a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, potentially allowing authenticated administrators to execute code via a network. This could be exploited by a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network if exploited. This issue is related to a buffer overflow in memory, potentially enabling a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, potentially allowing authenticated administrators to execute code via a network. This could be exploited by a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 **Description** A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network if exploited. This issue is related to a buffer overflow in memory, where exploitation may enable a remote attacker to execute arbitrary code. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 **Description** The issue is related to a buffer copy without checking the size of the input, which can lead to a buffer overflow in memory. This could allow a remote attacker to execute arbitrary code. The vulnerability can be exploited by authenticated administrators via a network. **Recommendations** For QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to version h5.1.4.2596 build 20231128 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.5.2645 build 20240116 QNAP QuTS hero versions prior to h5.1.5.2647 build 20240118 QNAP QuTScloud versions prior to c5.1.5.2651 **Description** A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. The issue is related to incorrect restriction of the path name to a directory with limited access, which may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For QNAP QTS versions prior to 5.1.5.2645 build 20240116, update to QTS 5.1.5.2645 build 20240116 or later. For QNAP QuTS hero versions prior to h5.1.5.2647 build 20240118, update to QuTS hero h5.1.5.2647 build 20240118 or later. For QNAP QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero versions prior to h5.1.2.2534 build 20230927 QuTScloud versions prior to c5.1.5.2651 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTScloud versions prior to c5.1.5.2651 **Description** A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. **Recommendations** For QTS versions prior to 5.1.4.2596 build 20231128, update to QTS 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to QuTS hero h5.1.4.2596 build 20231128 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.