CVE-2024-50403

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.2.2950 build 20241114 QNAP QuTS hero versions prior to 5.2.2.2952 build 20241116

Description A use of externally-controlled format string issue has been reported to affect several QNAP operating system versions. If exploited, the issue could allow remote attackers who have gained administrator access to obtain secret data or modify memory. The vulnerability is related to insufficient processing of format strings, which could allow an attacker to gain unauthorized access to protected information with root privileges.

Recommendations For QNAP QTS versions prior to 5.2.2.2950 build 20241114, update to QTS 5.2.2.2950 build 20241114 or later. For QNAP QuTS hero versions prior to 5.2.2.2952 build 20241116, update to QuTS hero h5.2.2.2952 build 20241116 or later.