Tri

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.1.2930 build 20241025 QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025 Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. Recommendations: For QNAP QTS versions prior to 5.2.1.2930 build 20241025, update to QTS 5.2.1.2930 build 20241025 or later. For QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025, update to QuTS hero h5.2.1.2929 build 20241025 or later.

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.1.2930 build 20241025 QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025 Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. Recommendations: For QNAP QTS versions prior to 5.2.1.2930 build 20241025, update to QTS 5.2.1.2930 build 20241025 or later. For QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025, update to QuTS hero h5.2.1.2929 build 20241025 or later.

**Name of the Vulnerable Software and Affected Versions** License Center versions prior to 1.9.43 **Description** A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. This issue is related to the failure to neutralize special elements used in operating system commands. **Recommendations** For versions prior to 1.9.43, update to License Center 1.9.43 or later to resolve the issue. As a temporary workaround, consider restricting access to the License Center to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.9.2954 build 20241120 QNAP QTS versions prior to 5.2.2.2950 build 20241114 QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120 QNAP QuTS hero versions prior to h5.2.2.2952 build 20241116 **Description** An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. **Recommendations** For QNAP QTS versions prior to 5.1.9.2954 build 20241120, update to QTS 5.1.9.2954 build 20241120 or later. For QNAP QTS versions prior to 5.2.2.2950 build 20241114, update to QTS 5.2.2.2950 build 20241114 or later. For QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120, update to QuTS hero h5.1.9.2954 build 20241120 or later. For QNAP QuTS hero versions prior to h5.2.2.2952 build 20241116, update to QuTS hero h5.2.2.2952 build 20241116 or later.

**Name of the Vulnerable Software and Affected Versions** Sonos Era 100 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this issue. The specific flaw exists within the handling of SMB2 messages, resulting from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this issue to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.