PT-2023-8507 · Qnap · Qutscloud+2

Bingwei Peng

Published

2023-08-28

Updated

2024-02-06

CVE-2023-41292

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTScloud versions prior to c5.1.5.2651

Description A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

Recommendations For QTS versions prior to 5.1.4.2596 build 20231128, update to QTS 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to QuTS hero h5.1.4.2596 build 20231128 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2024-01045

CVE-2023-41292

Affected Products

Qts

Quts Hero

Qutscloud

PT-2023-8507 · Qnap · Qutscloud+2

CVE-2023-41292

Weakness Enumeration

Related Identifiers

Affected Products

References · 8