PT-2023-9122 · QNAP · QuTS hero, QTS

Aliz Hammond · Published 2023-12-12 · Updated 2026-02-06 · CVE-2024-27130

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

QTS versions prior to 5.1.7.2770 build 20240520
QuTS hero versions prior to h5.1.7.2770 build 20240520

Description

The issue is a buffer copy that does not check the size of its input, which can lead to a stack overflow and allows remote code execution on QNAP devices. The vulnerability is associated with the get file size function in the share.cgi file. It is estimated that over 3 million devices may be affected. The vulnerability has been exploited in real-world incidents, and a proof-of-concept (PoC) exploit is available. The overflow is triggered through a string parameter; because null bytes cannot be added to the payload, exploitation is more complex.

Recommendations

For QTS versions prior to 5.1.7.2770 build 20240520, update to QTS 5.1.7.2770 build 20240520 or later. For QuTS hero versions prior to h5.1.7.2770 build 20240520, update to QuTS hero h5.1.7.2770 build 20240520 or later. As a temporary workaround, consider restricting access to the vulnerable share.cgi file until a patch is applied.
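The version thresholds above can be applied to a device inventory as follows. This is an added example, not code from QNAP or from this advisory. It assumes firmware strings are written the way the advisory writes them (`5.1.7.2770 build 20240520`, with an `h` prefix for QuTS hero); the host names and the non-fixed version strings in the sample are constructed.

```python
import re

# Fixed release stated in the advisory: 5.1.7.2770 build 20240520 for QTS,
# h5.1.7.2770 build 20240520 for QuTS hero.
FIXED_VERSION = (5, 1, 7, 2770)
FIXED_BUILD = 20240520

# Optional "h" prefix, four numeric fields, optional "build YYYYMMDD".
_VERSION_RE = re.compile(
    r"^(h?)(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s+build\s+(\d{8}))?$", re.IGNORECASE
)

def parse_version(text):
    """Return (product, version tuple, build date or None) for a firmware string."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    product = "QuTS hero" if m.group(1) else "QTS"
    version = tuple(int(m.group(i)) for i in range(2, 6))
    build = int(m.group(6)) if m.group(6) else None
    return product, version, build

def is_affected(text):
    """True if the firmware is older than the fixed release named in the advisory."""
    _, version, build = parse_version(text)
    if version != FIXED_VERSION:
        return version < FIXED_VERSION
    # Same version number: decide on the build date. A missing build date
    # cannot be proven fixed, so it is reported as affected.
    return build is None or build < FIXED_BUILD

def triage(inventory):
    """Return sorted host names whose firmware is affected or cannot be parsed."""
    flagged = []
    for host, firmware in inventory.items():
        try:
            if is_affected(firmware):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown format: needs a manual check
    return sorted(flagged)

# Constructed inventory: host names and non-fixed version strings are made up.
SAMPLE_INVENTORY = {
    "nas-01": "5.1.6.2722 build 20240402",
    "nas-02": "5.1.7.2770 build 20240520",
    "nas-03": "h5.1.5.2647 build 20240118",
    "nas-05": "unknown",
}
```

Hosts returned by `triage` are the ones to update first or to place behind the share.cgi access restriction until they are patched.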

Exploit · Fix · Stack Overflow · Buffer Overflow

Related Identifiers

BDU:2024-03943
CVE-2024-27130

Affected Products

QTS
QuTS hero