PT-2024-10148 · Qnap · Qts +1
C411E +1
Published: 2024-09-07 · Updated: 2025-09-23
CVE-2024-53691
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
QTS versions prior to 5.1.8.2823 build 20240712
QTS versions prior to 5.2.0.2802 build 20240620
QuTS hero versions prior to h5.1.8.2823 build 20240712
QuTS hero versions prior to h5.2.0.2802 build 20240620
Description
The issue is related to a link following vulnerability that could allow remote attackers with user access to traverse the file system to unintended locations. This vulnerability may allow attackers to access sensitive files and execute arbitrary code, potentially leading to privilege escalation.
Recommendations
For QTS versions prior to 5.1.8.2823 build 20240712, update to QTS 5.1.8.2823 build 20240712 or later.
For QTS versions prior to 5.2.0.2802 build 20240620, update to QTS 5.2.0.2802 build 20240620 or later.
For QuTS hero versions prior to h5.1.8.2823 build 20240712, update to QuTS hero h5.1.8.2823 build 20240712 or later.
For QuTS hero versions prior to h5.2.0.2802 build 20240620, update to QuTS hero h5.2.0.2802 build 20240620 or later.
Exploit
Fix
RCE
Link Following
Affected Products
Qts
Quts Hero